Skip to content

An exploitation tool to extract passwords using CVE-2015-5995.

License

Notifications You must be signed in to change notification settings

shaheemirza/TendaSpill

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

TendaSpill

An exploitation tool to extract passwords using CVE-2015-5995.

CVE-2015-5995

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.

Disclaimer

This tool is for testing and educational purposes only. Any other usage for this code is not allowed. Use at your own risk. The author or any Internet provider bears NO responsibility for misuse of this tool. By using this you accept the fact that any damage caused by the use of this tool is your responsibility.

"In the end, we're all alone. And no one's coming to save you." -John Reese, Person of Interest.

Interesting Read

https://hk.saowen.com/a/31cc238470dacd72b1775a20c84fbd73f6d818ff6063bb23e7bfad387a43ccec

Demo

https://www.facebook.com/shahee.mirza.5/videos/1154224851419835/

How to use

$ bash tendaspill.sh IP:PORT
$ bash tendaspill.sh 192.168.1.1:8080

Contributing

Go ahead! you know what to do.

License

The source code is licensed under the MIT license.