what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

dlinkDoS.txt

dlinkDoS.txt
Posted Jun 3, 2003
Authored by Chris | Site securityindex.net

D-Link routers with a firmware of 2.70 and below are vulnerable to a denial of service vulnerability providing the attacker has the ability to see the internal interface on the router. Sending a malformed URL to the syslog script will caused a DNS query. Multitudes of this query can result in a DoS and other odd forms of behavior.

tags | exploit, denial of service
SHA-256 | 802c81b31a6ec34d42defd9d16029f1790493faf92d67f06228dcf953950b333

dlinkDoS.txt

Change Mirror Download

Nessus wrote a nice little plugin for it
http://www.securityindex.net/dlink_router_overflow.nasl
--
My home network uses a small 4 port broadband Dlink router (704p) The firmware was updated one week ago
to version 2.70 from the www.D-link.com website

The following malformed URL's cause odd behavior in the router. Pointing your browser (like most routers) to the gateways internal IP address you get a web interface for administering your router.

http://192.168.0.1/syslog.htm?D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

This URL caused the router to do a DNS query on:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA@xxxx.xx.comcast.net

"@xxxx.xx.comcast.net" is the trailing end of my hostname (i replaced the real trailing host name with x's as to not give up my hometown and state! heh)


Subsequently there was a DNS response "no such name"
Enough of these malformed URLS causes the DNS server to DoS the router for a short time because a DNS response packet is much larger then a DNS query packet.
This URL also caused an error in the routers log file page, the URL
made the page look odd. This router uses CSS to display its tabs and log file (syslog.htm). Some of the HTML was visible within the CSS that were now repeating across the page. I took a screen shot and uploaded it to my webspace. Copy and paste the link below to see.

http://www.securityindex.net/router.JPG

<------------------------------------------- ------------------------------------------->
<------------------------------------------- ------------------------------------------->
<------------------------------------------- ------------------------------------------->
<------------------------------------------- ------------------------------------------->
<-------------------------------------------next------------------------------------------->


This URL also cuases problems:

http://192.168.0.1/syslog.htm?D=................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

This malformed URL caused the router to stop responding. Requesting this
url over and over will eventually render the router useless until reset.
You can still access the internet after sending this url once but the routers
configuration page does not respond until you reset the router.

If your D-Link router is set to allow remote administration then its potentially
possible for an attacker to render your router useless until it is physically
reset by unplugging it and replugging it into the wall.

-->
i sent an email to dlink containing a copy of this post. Thanx
-->

--chris

www.securityindex.net

-apex security group-

:-hello-:
george
dreifach-x
th1nk
johnblaze

Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close