Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Dlink Dir-850L Info Leak" module is designed to detect an information leakage vulnerability in the Dlink Dir-850L software. This vulnerability can potentially expose sensitive information to unauthorized users. The severity of this vulnerability is classified as informative, indicating that it provides valuable information but does not pose an immediate threat.
This module was authored by pikpikcu.
The information leakage vulnerability in the Dlink Dir-850L software can allow unauthorized users to access sensitive data. This can include user IDs and passwords, which can be used for unauthorized access to the system or other malicious activities. It is important to address this vulnerability to protect the confidentiality of user information.
The "Dlink Dir-850L Info Leak" module works by sending a specific HTTP request to the target system. It checks for specific conditions in the response to determine if the information leakage vulnerability is present.
One example of an HTTP request used by this module is:
POST /hedwig.cgi HTTP/1.1
Host: [target_host]
Cookie: uid=R8tBjwtFc8
Content-Type: text/xml
[request_body]
The module then applies matching conditions to the response to identify the presence of the vulnerability. In this case, it checks for a response status code of 200 and the presence of specific words, such as "" and "", in the response body.
If these conditions are met, the module will report the vulnerability, indicating that the information leakage vulnerability is present in the target system.
Reference:
- https://xz.aliyun.com/t/2941
Metadata:
max-request: 1
Cookie: uid=R8tBjwtFc8
Content-Type: text/xml