Demo for an older version

Hello,

I am an opensource contributor, part of a project I am working on (details here), I am looking for a way to test an older version of the web interface, I found the demo for peplink balance, but it’s running the latest version, I am looking to reproduce this vulnerability specifically: https://www.exploit-db.com/exploits/42130, the SQL injection, I will be adding a module to the popular metasploit framework for this specific issue.

Not sure if there is a way to possibly simulate such an application if a demo is not available, would be thankful if you could point me to the right direction.

Thanks.

(Sorry if this is off-topic, feel free to remove it if it’s the case)

Which version of firmware do you need to be running?
An option would be to install FusionHu in the cloud, put a free Solo licence on the unit and downgrade the firmware to the version you require.

1 Like

Thanks a lot for your reply, I’ll try downloading FusionHub.

I’m looking for any version earlier than (or including) 7.0.0-build1904 (althrough the possibility of running multiple versions for testing would be interesting for me, the more versions I’ll test my module on, the more reliable it can be), there was a blind SQL injection in the bauth cookie, which allowed an unauthenticated user to retrieve session cookies of admins and authenticated users, and as I’m developing an SQL injection library for metasploit, I thought this might be interesting for a proof of concept.

Thanks a lot again.

Just a quick question about firmware versions, as I’m looking on other sites on the internet, is it possible to download old versions from the official website? directory listing is disabled on the download folder

Thanks

You can find the firmware archive here.

3 Likes