
Holes in Embedded Devices: Authentication bypass (pt 3)

A device that is vulnerable to this issue only performs an authentication check (i.e. is the password being submitted with the request via basic authentication?) when the request is performed using a certain HTTP method. For instance, most devices have a feature to back up the config file, which contains all the configuration settings, including the admin credentials.

posted by Adrian 'pagvac' Pastor

Holes in Embedded Devices: Authentication bypass (pt 1)

Finding authentication bypass bugs is an obvious choice for attackers, since such bugs allow administrative changes to be made without knowledge of the admin password. In other words, compromising the target device without requiring a password is of course something attackers are interested in! You bet! [...]

posted by Adrian 'pagvac' Pastor

The Pownce Worm (Yet Another Potential AJAX Worm)

First of all I need to let you know that it is not within our practice to disclose vulnerabilities on specific online applications. However, given the fact that Pownce, the vendor, was responsibly informed and the fact that we believe that the issue is interesting enough to be discussed, we’ve decided to let you know about our findings. [...]

posted by pdp

Hacking Video Surveillance Networks

The usual suspects: George Clooney, Brad Pitt and Matt Damon. The plot: rob a casino. The method: hijack the vault’s security camera video stream and replace it with a static image. Fiction? I don’t think so.

This post is not going to be about how to hack into the video surveillance networks of your local government but rather about my personal opinion on the current state of security implemented by the latest video technologies. [...]

posted by pdp

DHCP/mDNS Injection Issues

In the previous post I talked about how someone can poison local name servers (nasty things like registering a wpad name) through DHCP. In this post, I would like to draw your attention to various other injection issues that come to mind when dealing with that very same protocol. The reason for all these issues is that people tend to trust certain well-known protocols far too much. [...]

posted by pdp

Name (mDNS) Poisoning Attacks inside the LAN

How easy is it for attackers to compromise the LAN? Answer: very easy! With a few simple tricks, attackers can easily poison the local name resolution system for the machines inside a given LAN. Network devices and Apple products are the most vulnerable.

It is all due to mDNS. From Wikipedia’s article:

The problem with mDNS is that it is spoofable. Here is how it works: an mDNS-enabled client performs an mDNS query on a multicast address. [...]

posted by pdp

JavaScript Port Scanner

SPI Dynamics released a paper on how to port scan and do other cool stuff with JavaScript. I found the paper quite interesting, so I decided to make my own port scanner in JavaScript. My aim was to build a port scanner that is small, cute, reusable and fast. After a couple of hours of fiddling around with IMG tags and other DOM elements I came up with the following solution.

The code depends on your connection speed and might not be very accurate. [...]

posted by pdp

Exegesis of Virtual Hosts Hacking

This is the first paper written on the topic of virtual hosts hacking. It covers basic skills such as passive discovery techniques and (almost) stealth active discovery techniques. It also presents possible scenarios of exploitation.

Exegesis of Virtual Hosts Hacking was an experiment. The topic of hacking virtual hosts has been covered only very vaguely in the past, IMHO. [...]

posted by pdp