Full Disclosure mailing list archives

Re: NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF - SOS-11-011


From: Valdis.Kletnieks () vt edu
Date: Tue, 20 Sep 2011 08:06:30 -0400

On Tue, 20 Sep 2011 12:18:43 +1000, Lists said:

> Basic authentication is used as the primary and only authentication
> mechanism for the administrator interface on the device. The basic
> authentication can be bypassed by sending a valid POST request to the
> device without sending any authentication header. The response from the
> device sends the user to another page that requests basic
> authentication, however at this point the request has already been
> processed.

The.. request.. has.. already.. been.. processed.  *facepalm*. ;)

The most obvious way to screw this up:

        if (request_not_validated())
                send_error_page();
        else
                execute_request();

and somebody forgot the 'else', making the execute a fall-through.
But how does something like that slip through basic testing?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
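The failure pattern discussed in this message, shown as an added example that is not part of the thread, the advisory, or NETGEAR's firmware: a minimal request handler for an admin interface in which the 401 response is produced but the POST is still applied (the missing `else`), next to the corrected handler, and the kind of regression check that would catch it. The `Device` class, the handler signatures, and the admin credentials are all constructed for this illustration.

```python
import base64
import hmac

# Constructed credentials for the demonstration only; not from the advisory.
ADMIN_USER = "admin"
ADMIN_PASS = "placeholder-password"


def basic_auth_header(user, password):
    """Build the Authorization header a browser sends for HTTP Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def _credentials_valid(headers):
    """Return True only if a well-formed Basic header carries the admin credentials."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(auth[len("Basic "):]).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    user, _, password = decoded.partition(":")
    # Constant-time comparison so the check itself does not leak anything.
    return hmac.compare_digest(user, ADMIN_USER) and hmac.compare_digest(password, ADMIN_PASS)


class Device:
    """Stand-in for the gateway's persistent configuration."""

    def __init__(self):
        self.config = {"wifi_ssid": "default"}


def handle_vulnerable(device, method, headers, form):
    """The bug as described upthread: the error page is queued, but execution
    falls through and the POST is applied anyway."""
    status = 200
    if not _credentials_valid(headers):
        status = 401          # send_error_page() ... but no 'else' follows
    if method == "POST":      # reached even when status is already 401
        device.config.update(form)
    return status


def handle_fixed(device, method, headers, form):
    """Corrected handler: an unauthenticated request returns before any state change."""
    if not _credentials_valid(headers):
        return 401
    if method == "POST":
        device.config.update(form)
    return 200


def unauthenticated_post_is_noop(handler):
    """The basic test the message asks about: an unauthenticated POST must
    return 401 AND leave device state untouched. Checking only the status
    code would pass the vulnerable handler, which is exactly how this slips by."""
    device = Device()
    status = handler(device, "POST", {}, {"wifi_ssid": "changed"})
    return status == 401 and device.config["wifi_ssid"] == "default"


if __name__ == "__main__":
    for name, handler in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        print(f"{name}: unauthenticated POST is a no-op -> {unauthenticated_post_is_noop(handler)}")
```

The point of `unauthenticated_post_is_noop` is that a test which only inspects the response code sees a 401 from both handlers and reports success; the assertion has to be on the side effect.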
