Loading
0

NetGear R系列多款路由器远程命令注入漏洞分析

system("cp -f /www/cgi-bin/readydropd.conf /tmp/var/");
if ( acosNvramConfig_match((int)&unk_F0378, (int)"1") )
puts("\r\n###################copy readydropd.conf\r");
}
v12 = strstr(v6, "cgi-bin");
if ( v12 )
{
if ( acosNvramConfig_match((int)&unk_F0378, (int)"1") )
printf("\r\n##########%s(%d)\r\n", "netgear_commonCgi", 76);
if ( strchr(v12, 63) )
{
if ( acosNvramConfig_match((int)&unk_F0378, (int)"1") )
printf("\r\n##########%s(%d)\r\n", "netgear_commonCgi", 80);
v13 = strchr(v12, 63);
if ( acosNvramConfig_match((int)&unk_F0378, (int)"1") )
printf("\r\n#############%s(%d)tmp1=%s,tmp2=%s\r\n", "netgear_commonCgi", 83, v12, v13 + 1);
strcpy((char *)&v47, v13 + 1);
if ( acosNvramConfig_match((int)&unk_F0378, (int)"2") )
printf("\r\n###############%s(%d)query_string=%s\r\n", "netgear_commonCgi", 86, &v47);
v14 = strchr(v6, 47);
if ( v14 )
{
v15 = &v50;
memset(&v50, 0, 0x40u);
strncpy((char *)&v50, v14 + 1, v13 - 1 - v14);
if ( acosNvramConfig_match((int)&unk_F0378, (int)"2") )
{
v16 = "\r\n###############%s(%d)cgi_name=%s\r\n";
v17 = 93;
v18 = "netgear_commonCgi";
LABEL_34:
printf(v16, v18, v17, v15);
goto LABEL_40;
}
}
}
else
{
if ( acosNvramConfig_match((int)&unk_F0378, (int)"2") )
printf("\r\n##########%s(%d)\r\n", "netgear_commonCgi", 99);
v19 = strchr(v12, 47);
v20 = v19 + 1;                          // ;kill
v21 = v19;                              // /;kill
v22 = strchr(v19 + 1, 47);              // v22=0
memset(&v50, 0, 0x40u);                 // v50init
v23 = (char)v21;
if ( v21 )
v23 = 1;
v24 = v22 == 0;
if ( v22 )
v24 = v21 == 0;
if ( v24 )
{
if ( v22 )
v25 = 0;
else
v25 = v23 & 1;

分页阅读: 1 2 3 4 5 6 7 8 9
【声明】:8090安全小组门户(https://www.8090-sec.com)登载此文出于传递更多信息之目的,并不代表本站赞同其观点和对其真实性负责,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规。如有问题请联系我们:邮箱hack@ddos.kim,我们会在最短的时间内进行处理。