http://www.darkreading.com/database-security/167901020/security/news/240003263/seemingly-insignificant-sql-injections-lead-to-rooted-routers.html By Ericka Chickowski Contributing Writer Dark Reading July 05, 2012 Low-priority databases containing temporary network workload information could be a perfect vector for simple SQL injection attacks that can lead to outright domination of WiFi routers given the right chain of attack, warns a Black Hat presenter. In a few weeks, he'll show how he used SQL injection attacks to put together attacks that lead to remote takeovers of SOHO routers. "I don't want to share too many of the technical details before my presentation, but what I will say is that what im doing is combining what you might call a high exposure but low value vulnerability. with some less exposed but higher value vulnerabilities," explains Zachary Cutlip, a security researcher with Tactical Network Solutions. "So the higher value vulnerabilities you wouldn't be able to get at very easily normally, but if you did you'd have a lot of access." A researcher who spends considerable time testing the bounds of wireless networking equipment of all types, Cutlip says that he's found SQL injection attacks to come into play more often than he would have guessed when he first got into testing WiFi routers. For example, in some cases he's seen routers where the login credentials are stored in a SQL Lite database in such a way that if an attacker can find a SQL injection vulnerability and exploit it, that attacker can log into the router without credentials. "One of the main ideas in my paper is, usually we think of SQL injection attacks being against databases that have valuable data," he says. "They think of it as being against a database that you want to compromise or tamper with or exfiltrate in some way. But you might also have a vulnerability database that has temporary workload data that (hackers) may be able to stick into (their) hip pocket to be used later." [...] -- Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online. Come to a free class and see how good and fun the program really is. http://www.expandingsecurity.com/PainPillReceived on Fri Jul 06 2012 - 00:28:45 PDT
This archive was generated by hypermail 2.2.0 : Fri Jul 06 2012 - 00:56:22 PDT