dd-wrt pwnd
Uploader Comments (gat3way)
All Comments (34)
-
I've been attempting this on an old router I dug up from 2006 that I can't retrieve the passwords from, but it doesn't seem to be working on the older ones. You can still ";reboot" them though.
-
did the dd-wrt pwnd die in this video???
-
I don't understand the video (I'm a newbie) but THE SONG IS AWESOME! =D
-
wtf this is really not cool.
just tried, does not work with the actual svn-version, but with an older one no problem.
just turn off remote web gui and the problem is away..
-
Bravo :D
-
shame on the dd-wrt developers :(
-
Bravo! Respect! Microsoft sized bug ;-)
-
impressive
-
good job :) nice bug
-
Interesting! ..... will have to try it
the code for cgi-bin handling has been completely wriped, but CSRF prevention is made before this code. search for "cross site attack"
brainslayer666 2 years ago
I've just tested against 24sp1 - CSRF works. But indeed in the SVN there is a referer check before. Probably it's been added later. However even this way, the attack is possible from an SSL site 'cause in that case no referers are being sent.
gat3way 2 years ago
I checked that too right now. The referer is included in SSL calls too.
brainslayer666 2 years ago
Not if the request comes from an SSL site - that would be considered an information leakage and no sane browser does it (Konqueror is an exception AFAIK).
OpenWRT does a great job at preventing CSRF by validating the request based on a unique session id (about 15-20 bytes long) in the URL. Since it's hard to guess/bruteforce, CSRF attacks are not feasible against it.
gat3way 2 years ago
Yes, but then it's still open for a CSRF attack. If someone that has access to the web UI opens a specially crafted page (this could even be a forum with crafted img urls), then his router is at risk. It does not require an authenticated session to work.
gat3way 2 years ago
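The two defences argued over in the thread above, side by side, as an added example that is not code from the thread, from dd-wrt or from OpenWRT. It compares a Referer check (with either policy for a missing header) against a session id carried in the URL. The router address, the `/<token>/apply` URL layout, the function names and all sample requests are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_HOST = "192.168.1.1"  # assumed LAN address of the router web UI


def referer_ok(headers, allow_missing):
    """Referer check: accept only requests that come from the router's own pages."""
    referer = headers.get("Referer")
    if referer is None:
        # The thread's disputed case: a request that arrives with no Referer.
        return allow_missing
    return urlsplit(referer).hostname == ROUTER_HOST


def token_ok(path, session_token):
    """Token check: first path segment must equal the unguessable session id."""
    supplied = path.lstrip("/").split("/", 1)[0]
    return hmac.compare_digest(supplied.encode(), session_token.encode())


def evaluate(request, session_token):
    """Verdict of each policy for one state-changing request."""
    headers = request["headers"]
    return {
        "referer_lenient": referer_ok(headers, allow_missing=True),
        "referer_strict": referer_ok(headers, allow_missing=False),
        "token": token_ok(request["path"], session_token),
    }


def sample_requests(token):
    """Constructed requests; the /<token>/apply URL layout is hypothetical."""
    own = {"Referer": f"http://{ROUTER_HOST}/index"}
    return {
        "own_ui": {"path": f"/{token}/apply", "headers": own},
        "own_ui_referer_stripped": {"path": f"/{token}/apply", "headers": {}},
        "foreign_page": {"path": "/apply",
                         "headers": {"Referer": "http://forum.example/t/1"}},
        "foreign_page_no_referer": {"path": "/apply", "headers": {}},
    }


if __name__ == "__main__":
    token = secrets.token_hex(16)  # 16 random bytes, in the range the thread cites
    for name, req in sample_requests(token).items():
        print(name, evaluate(req, token))
```

The lenient Referer policy accepts the foreign request that carries no Referer, the strict policy also rejects the router's own request when the header has been stripped, and the token verdict does not depend on the header at all.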