Posts: 467

Location: At home


Tuesday, April 6th 2010, 10:06am

UPnP Security Exploit !?!

Hello world! :coffee:

Is anyone of you using Twonky or MediaTomb? What about your router? UPnP mode activated? I did, and I feel a little bit endangered after reading that an attack is as easy as counting from one to one.
After having read several UPnP security research materials, I realized that all the described attacks assume that the attacker (be it human or malware) comes from inside the network. So how do you exploit IGDs remotely via UPnP even when no services are publicly available (WAN interface)?
If you sniff yourself while running software that uses UPnP in the background to help you configure your router, you'll see that UPnP is nothing more than SOAP. Our AJAX knowledge tells us about a feature that allows us to craft arbitrary XML requests: the XMLHttpRequest object. Trouble is, such an object can only be used within the context of the site that the requests are submitted to. So if we host the malicious scripting code on a third-party site, and a victim user located in the same LAN as the target IGD visits such a page, the request wouldn't go through due to the XMLHttpRequest same-origin policy restriction. Or, put a different way: you aren't allowed to make XMLHttpRequests to any server except the server where your web page came from.
However, if you find a pre-auth XSS vulnerability on the target device, you can bypass such a restriction. For instance, many devices such as the BT Home Hub and Speedtouch routers offer certain pages before authenticating. Some of these pages are CGI scripts which are vulnerable to XSS. Although offering certain "useless" functionalities before logging into the router might not seem like a big deal, it can actually lead to UPnP being exploited remotely, even if the web admin console is not visible from the Internet!
A first sniff showed several gaps in a test scenario with an RS2001, Twonky and a D-LINK 524 with the newest firmware and UPnP support turned off; NAT was activated and strictly closed (no port forwarding from LAN to WAN).
Man is the most important and most valuable peripheral device of a computer system.

myStuff: NAS2001+4220(1000Gb-ext3)+Dlink524+KabelD. (120 Mbit)
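The two things the post above hinges on, shown as an added JavaScript example that is not part of the original post or of any product mentioned in it: the SOAP envelope and headers that a UPnP IGD control request carries (the "UPnP is nothing more than SOAP" point), and the same-origin check a browser applies before an XMLHttpRequest may send such a request (the reason a third-party page is refused while a page served by the router itself is not). The service type and envelope layout follow the UPnP IGD specification; the control URL, the port and the page origins are hypothetical values chosen for illustration.

```javascript
// Added example, not from the original post: the SOAP envelope that a
// UPnP IGD control request carries, and the same-origin check a browser
// applies before XMLHttpRequest may send such a request.
// The control URL and the page origins below are hypothetical.

// Service type of the NAT service on a UPnP Internet Gateway Device
// (from the UPnP IGD specification).
const WAN_IP_SERVICE = 'urn:schemas-upnp-org:service:WANIPConnection:1';

// Hypothetical control URL of that service on a LAN router.
const CONTROL_URL = 'http://192.168.1.1:49152/upnp/control/WANIPConn1';

// Escape the XML metacharacters so argument values cannot break out of
// their element.
function escapeXml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&apos;');
}

// Build the SOAP envelope for one UPnP action. Every IGD action uses
// this same shape; only the action name and its arguments differ.
function buildSoapEnvelope(serviceType, action, args = {}) {
  const argXml = Object.entries(args)
    .map(([name, value]) => `<${name}>${escapeXml(value)}</${name}>`)
    .join('');
  return (
    '<?xml version="1.0"?>' +
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" ' +
    's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">' +
    '<s:Body>' +
    `<u:${action} xmlns:u="${serviceType}">${argXml}</u:${action}>` +
    '</s:Body>' +
    '</s:Envelope>'
  );
}

// HTTP headers a UPnP control point sends alongside the envelope.
function soapHeaders(serviceType, action) {
  return {
    'Content-Type': 'text/xml; charset="utf-8"',
    SOAPACTION: `"${serviceType}#${action}"`,
  };
}

// The same-origin rule XMLHttpRequest enforces: scheme, host and port of
// the page and of the request target must all be equal.
function sameOrigin(pageUrl, targetUrl) {
  const a = new URL(pageUrl);
  const b = new URL(targetUrl);
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

// Decide whether a script running on `pageUrl` may POST to `controlUrl`.
// A third-party page is refused; a page served from the control URL's own
// origin (which is what a pre-auth XSS on the router gives the attacker)
// is allowed.
function xhrAllowed(pageUrl, controlUrl) {
  return sameOrigin(pageUrl, controlUrl);
}

// Stand-alone demo: print the request and the policy decision for a
// third-party origin and for two pages on the router itself.
if (typeof require !== 'undefined' && require.main === module) {
  const action = 'GetExternalIPAddress';
  console.log(soapHeaders(WAN_IP_SERVICE, action));
  console.log(buildSoapEnvelope(WAN_IP_SERVICE, action));
  for (const page of ['https://third-party.example/page.html',
                      'http://192.168.1.1:49152/cgi/some-page',
                      'http://192.168.1.1/cgi/some-page']) {
    console.log(page, '->', xhrAllowed(page, CONTROL_URL) ? 'allowed' : 'blocked');
  }
}
```

The demo uses the argument-less GetExternalIPAddress action; actions that change NAT state on the same service use the identical envelope with arguments filled in. One check worth noting: the browser compares scheme, host and port, so an XSS page on the router only satisfies the policy if it is served from the same port as the control URL. If a router serves its UPnP control URL on a different port from its web console, the third URL in the demo (port 80 against 49152) is refused even though the host matches.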