I've been attempting this on an old router I dug up from 2006 that I can't retrieve the passwords from, but it doesn't seem to be working on the older ones. You can still ";reboot" them though.
MrFreemaan 4 months ago
did the dd-wrt pwnd died in this video???
ki4hou 8 months ago
i don't understand the video (i'm a newbie) but THE SONG IS AWESOME! =D
9KIRA2 1 year ago
wtf this is really not cool.
just tried, does not work with the actual svn-version. but with an older one, no problem.
just turn off remote web gui and the problem is away..
eniGolfClub 2 years ago
Bravo :D
hypnologic 2 years ago
shame on the dd-wrt developers :(
evald80 2 years ago
Bravo! Respect! Microsoft sized bug ;-)
HarryE1969 2 years ago
impressive
Rohkiani311006 2 years ago
good job :) nice bug
kornel8686 2 years ago
interesting! ..... I'll have to try it
juliuss1979 2 years ago
yes man, its old schools ....
nemphilis 2 years ago
WHAHAHAHAHAAA!
spcuberemi 2 years ago
hehehe nice ;) yup, it is a stupid bug. why, ddwrt devteam, WHY ?!
betaswithWack0 2 years ago
nice sound gat3
lkiokdix 2 years ago
I am currently using this version of DD-WRT, but now I will soon install the tomato firmware, which seems to be much better.
ethOoOo 2 years ago
Yeah.. nice bug =D
TechnologyVip 2 years ago
very well done: 5 stars!
viniciuskmax 2 years ago
It will be :) But as for when they will declare it stable, I think one of the commenters here can answer you :)
gat3way 2 years ago
song?
MrInfernoHacker 2 years ago
Scatman John, man!
Metropolitian 2 years ago
John Scatman - Scatman's World
viniciuskmax 2 years ago
nice one!!!.... you are number one! heheh
lordlortnoc 2 years ago
nice one
warezDUDE 2 years ago
Thanks for finding this.
wschoot 2 years ago
the code for cgi-bin handling has been completely wiped, but CSRF prevention is made before this code. search for "cross site attack"
brainslayer666 2 years ago
I've just tested against 24sp1 - CSRF works. But indeed in the SVN there is a referer check before. Probably it's been added later. However, even this way, the attack is possible from an SSL site 'cause in that case no referers are being sent.
gat3way 2 years ago
i checked that too right now. the referer is included in ssl calls too
brainslayer666 2 years ago
Not if the request comes from an SSL site - that would be considered an information leakage and no sane browser does it (Konqueror is an exception AFAIK).
OpenWRT does a great job at preventing CSRF by validating the request based on a unique session id (about 15-20 bytes long) in the URL. Since it's hard to guess/bruteforce, CSRF attacks are not feasible against it.
gat3way 2 years ago
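Added example (not part of the comment thread, and not DD-WRT or OpenWrt code): the two defences the comments above compare, a Referer check and a per-session token in the URL, run over three constructed requests. It assumes a Referer check that lets header-less requests through, which is the case the thread describes for pages served over SSL; `ROUTER_HOST`, the `token` parameter and all function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_HOST = "192.168.1.1"  # constructed address, an assumption of this example

def referer_ok_lenient(headers):
    """Fail-open check (assumed behaviour): a missing Referer is accepted."""
    referer = headers.get("Referer")
    return referer is None or urlsplit(referer).hostname == ROUTER_HOST

def referer_ok_strict(headers):
    """Fail-closed check: a missing or foreign Referer is rejected."""
    referer = headers.get("Referer")
    return referer is not None and urlsplit(referer).hostname == ROUTER_HOST

def new_session_token():
    """16 random bytes, hex-encoded; issued at login and kept server-side."""
    return secrets.token_hex(16)

def token_ok(query, session_token):
    """Accept only a request carrying the session's token (constant-time compare)."""
    supplied = query.get("token", "")
    return hmac.compare_digest(supplied.encode(), session_token.encode())

def evaluate(request, session_token):
    """Return the verdict of each check for one request."""
    return {
        "lenient_referer": referer_ok_lenient(request["headers"]),
        "strict_referer": referer_ok_strict(request["headers"]),
        "token": token_ok(request["query"], session_token),
    }

TOKEN = new_session_token()
# Constructed requests: the admin's own click, a cross-site request from an
# http page, and a cross-site request from an https page (no Referer sent).
SAME_SITE = {"headers": {"Referer": f"http://{ROUTER_HOST}/index.asp"},
             "query": {"token": TOKEN}}
CROSS_HTTP = {"headers": {"Referer": "http://forum.example/thread"}, "query": {}}
CROSS_HTTPS = {"headers": {}, "query": {}}

if __name__ == "__main__":
    for name, req in (("same-site", SAME_SITE), ("cross-site http", CROSS_HTTP),
                      ("cross-site https", CROSS_HTTPS)):
        print(f"{name:17} {evaluate(req, TOKEN)}")
```

Only the token check and the fail-closed Referer check reject the header-less request; the fail-closed variant also turns away legitimate users whose browser or proxy strips the Referer header.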
Yes, but then it's still open for a CSRF attack. If someone that has access to the web UI opens a specially crafted page (this could even be a forum with crafted img urls), then his router is at risk. It does not require an authenticated session to work.
gat3way 2 years ago
CSRF won't work since dd-wrt has prevention for it
brainslayer666 2 years ago
inqian, I think you mean WAN, WLAN is the wireless internal.
backslash2486 2 years ago
That's because linksys routers are not as impressive as the fucking Gibson :)
gat3way 2 years ago
This is NOTHING like the movie Hackers. WTF?
jardolin 2 years ago
just had to use scat, huh :(
cryptomnesiac 2 years ago