Research Article
Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface
| POST/diag.cgi HTTP/1.1 | | Host: 192.168.0.1 | | Content-Length: 82 | | Content-Type: application/x-www-form-urlencoded | | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWeb Kit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 | | Accept: text/html, application/xhtml + xml,application/xml; | | q = 0.9,image/webp, image/apng,∗/∗; q = 0.8 | | Accept-Encoding: gzip, deflate | | Accept-Language: zh-CN,zh; q = 0.9 | | Cookie: username = %%; hash_key = 5122420728838914,session_id = 8492544218643274 | | Connection: close | ENABLE_EXTERNAL_PING = YES_PING_HOSTIP = 11 | ping 192.168.0.11_PING_COUNT = 3 | | &pg = ping&LANGUAGE = &OKBTN=Start |
|