File tree Expand file tree Collapse file tree 1 file changed +6
-5
lines changed
modules/exploits/linux/http Expand file tree Collapse file tree 1 file changed +6
-5
lines changed Original file line number Diff line number Diff line change @@ -17,15 +17,16 @@ class Metasploit3 < Msf::Exploit::Remote
1717
1818 def initialize ( info = { } )
1919 super ( update_info ( info ,
20- 'Name' => 'D-Link DIR615h Command Execution - Upload and Execute ' ,
20+ 'Name' => 'D-Link DIR615h OS Command Injection ' ,
2121 'Description' => %q{
22- Some D-Link Routers are vulnerable to an authenticated OS command injection.
23- Default credentials for the web interface are admin/admin or admin/password. Since
24- it is a blind os command injection vulnerability, there is no output for the
22+ Some D-Link Routers are vulnerable to an authenticated OS command injection on
23+ their web interface, where default credentials are admin/admin or admin/password.
24+ Since it is a blind os command injection vulnerability, there is no output for the
2525 executed command when using the cmd generic payload. This module was tested against
2626 a DIR-615 hardware revision H1 - firmware version 8.04. A ping command against a
2727 controlled system could be used for testing purposes. The exploit uses the wget
28- client from the device to download the payload.
28+ client from the device to convert the command injection into an arbitrary payload
29+ execution.
2930 } ,
3031 'Author' =>
3132 [
You can’t perform that action at this time.
0 commit comments