SQL Injection to MIPS Overflows: Rooting SOHO Routers

Presented at Black Hat USA 2012, July 26, 2012, 3:30 p.m. (60 minutes)

This presentation details an approach by which SQL injection is used to exploit unexposed buffer overflows, yielding remote, root-level access to Netgear wireless routers. Additionally, the same SQL injection can be used to extract arbitrary files, including plain-text passwords, from the file systems of the routers. This presentation guides the audience through the vulnerability discovery and exploitation process, concluding with a live demonstration. In the course of describing several vulnerabilities, I present effective investigation and exploitation techniques of interest to anyone analyzing SOHO routers and other embedded devices.

