bt-pwnage.txt
Posted Nov 13, 2007
Authored by PAgVac | Site gnucitizen.org

Details on pwning the BT Home Hub have been published. Various cross-site scripting and cross-site request forgery issues still exist.

tags | advisory, xss, csrf
SHA-256 | ab1677aacfc1c74bee9c7cfe35b991c63e556b2ab40df41d807b2900002f9b3b

Remote assistance now appears to be disabled. That definitively gets
rid of the worst threat: backdooring the Home Hub router by enabling
remote access permanently (which could be done by editing the config
file). Telnet has also been disabled, and the contents of the config
file are now encrypted/obfuscated. However, there are many other
vulnerabilities that we reported which are still present in version
6.2.6.B of the firmware.

For instance, there are still many XSS issues (non-persistent and
persistent), system-wide CSRF, and the double-slash authentication
bypass, which works on the latest firmware! That means that, for
instance, you can still steal the router's WEP/WPA key by making the
victim click on a URL that exploits an XSS vulnerability and scrapes
the contents of the WEP/WPA key page:
https://192.168.1.254/cgi/b/_wli_/seccfg// . It also means that any
administrative request (e.g. disabling wireless access) can be made by
tricking the user into visiting a malicious website. Since the auth
bypass still hasn't been fixed, this attack would work even if the
user has changed the default password.
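
The two server-side checks whose absence the paragraph above describes, as an added example that is not part of the original advisory or the Home Hub firmware: authorization decided on the canonical path rather than the raw request string, and same-origin plus per-session token validation for state-changing requests. The exact-match table is only a constructed model of a weak check (the advisory does not say how the firmware matches paths), and the `/cgi/` policy, function names and token value are assumptions.

```python
import hmac
import posixpath
from urllib.parse import unquote

DEVICE_ORIGIN = "https://192.168.1.254"      # address quoted in the advisory
PROTECTED_PREFIX = "/cgi/"                   # assumed policy: all CGI pages need a session
NAIVE_PROTECTED = {"/cgi/b/_wli_/seccfg/"}   # constructed exact-match ACL (weak form)

def canonical_path(request_target: str) -> str:
    """Drop the query, decode once, collapse repeated slashes and dot segments."""
    path = unquote(request_target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def naive_needs_auth(request_target: str) -> bool:
    """Weak form: compares the raw string, so equivalent spellings slip past."""
    return request_target in NAIVE_PROTECTED

def needs_auth(request_target: str) -> bool:
    """Hardened form: decide on the canonical path the handler will serve."""
    return (canonical_path(request_target) + "/").startswith(PROTECTED_PREFIX)

def authorize(method, request_target, session, headers, form):
    """Return (allowed, reason). session is None when the caller is not logged in."""
    if needs_auth(request_target) and session is None:
        return False, "authentication required"
    if method.upper() not in ("GET", "HEAD"):
        # CSRF defence for state-changing requests: same-origin plus per-session token.
        if headers.get("Origin") != DEVICE_ORIGIN:
            return False, "cross-origin request"
        sent = form.get("csrf_token", "")
        if session is None or not hmac.compare_digest(sent, session["csrf_token"]):
            return False, "missing or wrong CSRF token"
    return True, "ok"
```

The guard assumes configuration changes are only accepted via non-GET methods; a device that changes state on GET needs the token check on those requests as well.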

One of the reasons for publishing the details is that we reported
the issues more than a month ago, which should be long enough to fix
the vulnerabilities. Also, BT has made inaccurate statements
on a BBC Radio 4 show [1] and on their own website [2]
about how the vulnerabilities are "theoretical" rather than practical.

Publishing the details proves that we're not just talking BS but
rather warning the community about serious (and practical) issues
present in the BT Home Hub.

Vulnerability details here:

https://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-4

And my previous posts on the subject:

https://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-3
https://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-2
https://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub

References:

[1] https://www.bbc.co.uk/radio4/youandyours/items/01/2007_42_wed.shtml
[2] https://www.btplc.com/today/art70350.html


Regards,
AP.

--
pagvac
gnucitizen.org, ikwt.com
