Unfortunately, command injections like the NETGEAR one Zachary Cutlip
and I both came across are all too common in embedded systems.
Similar to NETGEAR and Linksys having commands injected when running
ping, I have also noticed that DD-WRT v24-sp2 is prone to command
injection from specially
October 29 at 1PM EST for a Google Hangout in
which I will discuss the issue further and demonstrate a technique for
exploiting the flaw.
Thanks,
Craig Young
@CraigTweets
http://secur3.us/pub_key.asc
I have prepared a blog post to explain the issues and provide
proof-of-concept/reproduction information:
http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/
Thanks,
Craig Young
Security Researcher, Tripwire VERT
@CraigTweets
://www.google.com/intl/en/chrome/browser/mobile/ios.html and
Mac/PC Chrome also definitely supports this as outlined by Duo
Security's recent blog post:
https://blog.duosecurity.com/2013/08/beyond-google-application-specific-password-exploiting-google-chromes-stored-oauth2-tokens/
Thanks,
Craig
be used to retrieve arbitrary files from the system
or to stage an overflow payload as is detailed in the above link.
I strongly advise anyone using this program to update to the latest version.
Kind Regards,
Craig Young
@CraigTweets
if the victim subsequently logs into the
account. The issue is tracked as CVE-2012-6458.
Thanks,
Craig Young
@CraigTweets