[ISN] Seemingly Insignificant SQL Injections Lead To Rooted Routers

From: InfoSec News <alerts_at_private>
Date: Fri, 6 Jul 2012 02:28:45 -0500 (CDT)
http://www.darkreading.com/database-security/167901020/security/news/240003263/seemingly-insignificant-sql-injections-lead-to-rooted-routers.html

By Ericka Chickowski
Contributing Writer
Dark Reading
July 05, 2012

Low-priority databases containing temporary network workload information 
could be a perfect vector for simple SQL injection attacks that can lead 
to outright domination of WiFi routers given the right chain of attack, 
warns a Black Hat presenter. In a few weeks, he'll show how he used SQL 
injection flaws to build attack chains that lead to remote takeovers 
of SOHO routers.

"I don't want to share too many of the technical details before my 
presentation, but what I will say is that what I'm doing is combining 
what you might call a high exposure but low value vulnerability with 
some less exposed but higher value vulnerabilities," explains Zachary 
Cutlip, a security researcher with Tactical Network Solutions. "So the 
higher value vulnerabilities you wouldn't be able to get at very easily 
normally, but if you did you'd have a lot of access."

A researcher who spends considerable time testing the bounds of wireless 
networking equipment of all types, Cutlip says that he's found SQL 
injection attacks to come into play more often than he would have 
guessed when he first got into testing WiFi routers. For example, in 
some cases he's seen routers where the login credentials are stored in a 
SQLite database in such a way that if an attacker can find a SQL 
injection vulnerability and exploit it, that attacker can log into the 
router without credentials.

"One of the main ideas in my paper is, usually we think of SQL injection 
attacks being against databases that have valuable data," he says. "They 
think of it as being against a database that you want to compromise or 
tamper with or exfiltrate in some way. But you might also have a 
vulnerability database that has temporary workload data that (hackers) 
may be able to stick into (their) hip pocket to be used later."

[...]


Received on Fri Jul 06 2012 - 00:28:45 PDT
