Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-10562 PoC — Dasan GPON家庭路由器命令注入漏洞

Source
https://github.com/649/Pingpon-Exploit
Associated Vulnerability
Title:Dasan GPON家庭路由器命令注入漏洞 (CVE-2018-10562)
Description:An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
Description
Exploit for Mass Remote Code Execution on GPON home routers (CVE-2018-10562) obtained from Shodan.
Readme
# PINGPON EXPLOIT

* Author: [@037](https://twitter.com/037)

Pingpon is a tool used to obtain thousands of vulnerable GPON home routers using Shodan.io to then execute any Linux command on using a remote code execution flaw (CVE-2018-10562). 

## DISCLAIMER

I am NOT responsible for any damages caused or any crimes committed by using this tool. 

Original Script: [github.com/f3d0x0/GPON](https://github.com/f3d0x0/GPON)

### Prerequisites

You're required to install Python 3.x

```
apt-get install python3
```

You also require to have the Shodan and Request modules installed
```
pip install shodan
```
```
pip install requests
```


### Using Shodan API

This tool requires you to own an upgraded Shodan API

You may obtain one for free in [Shodan](https://shodan.io/) if you sign up using a .edu email

![alt text](https://raw.githubusercontent.com/649/Pingpon-Exploit/master/1.png)
![alt text](https://raw.githubusercontent.com/649/Pingpon-Exploit/master/2.png)
File Snapshot

 [4.0K]  /data/pocs/1b1246fec6d5bfee80b15e96224eff1f12432d7b
├── [ 16K]  1.png
├── [ 10K]  2.png
├── [3.7K]  Pingpon.py
└── [ 972]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →