#######################################################################

Device:       Gigabyte Broadband Router - Multiple Vulnerabilities
Vendors:      http://www.giga-byte.com
Versions:     Gn-B46B Firmware Version: 1.003.00
Platforms:    Windows
Bug:          Authorization Bypass
Risk:         High
Exploitation: remote with browser
Date:         18 Feb 2004
Author:       Rafel Ivgi, The-Insider
e-mail:       the_insider@mail.com
web:          http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bugs
3) The Code

#######################################################################

===============
1) Introduction
===============

Gigabyte Gn-B46B is a 2.4GHz Wireless Broadband Router. Upon connection
to the router, a basic authorization is required.

Product details:
http://www.giga-byte.com/Communication/Products/Products_Wireless_GN-B46B.htm

#######################################################################

======
2) Bug
======

This bug is an amazing Authorization Bypass, almost unexplained. The
server protects all its files with "Basic Authorization". The
Authorization cannot be bypassed in any way other than by requesting
the files on the router from the HTML menu of the router. The problem
is that this protection should work only when the HTML menu of the
router is on the router itself. However, if an attacker uses the
router's menu from a local HTML file, it bypasses the authorization
and the attacker is logged in. Truly amazing, exceptional.

#######################################################################

===========
3) The Code
===========

Just copy this to a ".html" file and replace with the target's IP.

------------------------------------ Cut Here --------------------------------------
htdocs English
  Network Configuration
  Wireless Configuration
  Static Routing Table
  Virtual Server
  Firewall Rule
  DNS Replay
  PPP Monitor
  Reboot
  Initialization
  Change Password
  Change WAN MAC
  Upgrade Firmware
  BackUp/Restore
  Log Information
  Save Maintenance
  Help
  Ping
  About
------------------------------------ Cut Here --------------------------------------

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."
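
Added example, not part of the original advisory or of the vendor's firmware: section 2 does not say what the firmware bases its decision on, so this Python sketch assumes nothing about the cause and only shows the property a fix has to have, namely that access to a protected file is decided from the credentials carried by the request itself, never from where the menu page was loaded. The account values, function names and sample headers are constructed for the illustration.

```python
import base64
import hmac

# Constructed sample credentials for the example; not values from the advisory.
EXPECTED_USER = "admin"
EXPECTED_PASSWORD = "constructed-example-password"


def parse_basic(header_value):
    """Return (user, password) from an Authorization header, or None if malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64, non-ASCII input, or undecodable bytes
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authorize(headers):
    """Decide 200 or 401 for a protected file from the request's credentials alone.

    Referer, Origin and any notion of "which page held the link" are
    deliberately never read, so a menu saved to local disk is treated
    exactly like the menu served by the device.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    creds = parse_basic(lowered.get("authorization"))
    if creds is None:
        return 401
    # Constant-time comparison; both checks always run.
    user_ok = hmac.compare_digest(creds[0].encode(), EXPECTED_USER.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), EXPECTED_PASSWORD.encode())
    return 200 if (user_ok and pass_ok) else 401


def basic(user, password):
    """Build a Basic Authorization header value for the sample requests."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Used as a regression check, the same request sent with and without a link-origin header has to produce the same status code.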