Router Network Hacking Utilizing XSS And CSRF.


A quick update. The router hacking contest is going along really nicely. We already have a good list of full-blown router hacks. A first analysis tells me that router manufacturers, or router network designers, live in the security stone age. Of course they've never heard of XSS and CSRF. Who cares, you can't trigger a buffer overflow, can ya? Even that statement isn't true: we can trigger buffer overflows with JavaScript, but that is not what I want to talk about today.

First, I'd like to talk about my own router, since that is the easiest for me. My router has an option to flag Telnet on or off. By default it is blocked, but you can flag it to start listening on port 23. How convenient. The same goes for FTP, which you can flag on port 21, and yes, all of this is CSRF-able. Fortunately I have not found any XSS holes in this router yet; one would amplify the threat a great deal. For this exploit to work I need to be logged into my router, so it takes a good deal of social engineering to trick me into it. See, all it takes is one tiny XSS vulnerability and people could change my whole router configuration on the fly without me knowing it: routing traffic away from me, changing my DNS settings and port forwarding, accessing my PC by enabling Telnet and FTP, or just changing my router password.

I think what we will see with most router issues is that all or most of them will be vulnerable to CSRF. Some will also have XSS holes, and when they do there will be no other option than to trash that router, because it's useless and insecure. Other issues are yet to be seen, but it's very exciting so far. I can't wait until the end of the month when all entries are in. Until then: come join us and hack your router!
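To make the CSRF point concrete from the defender's side, here is an added example (my code, not from the post or from any router vendor) that models a router's "enable Telnet/FTP" endpoint twice: once in the pattern the post describes, where any request riding an authenticated session is honored, and once with the three checks a router admin UI should make (state changes only on POST, an Origin/Referer matching the admin UI, and a per-session anti-CSRF token). The endpoint names, the 192.168.1.1 address and the session model are constructed assumptions; the post does not describe this router's internals.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed model of a router admin session and HTTP request.
# The real router's session handling is not described in the post.
@dataclass
class Session:
    authenticated: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))

@dataclass
class Request:
    method: str
    headers: dict
    form: dict

# Constructed example address for the router's admin UI (assumption).
ADMIN_ORIGIN = "http://192.168.1.1"

def _origin_of(url):
    """Reduce a URL to scheme://host[:port] for comparison."""
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}"

def _apply_flags(req, config):
    """Flip the telnet/ftp listeners according to the submitted form."""
    for key in ("telnet", "ftp"):
        if key in req.form:
            config[key] = req.form[key] == "on"

def apply_config_csrfable(req, session, config):
    """The pattern the post describes: once the victim is logged in, the
    browser attaches the session cookie to any request, so a page on another
    site can flip Telnet/FTP on and the router cannot tell the difference."""
    if not session.authenticated:
        return False
    _apply_flags(req, config)
    return True

def apply_config_hardened(req, session, config):
    """Same endpoint with the checks a router UI should make before changing
    state: POST only, request origin is the admin UI itself, and the form
    carries the per-session token that another origin cannot read."""
    if not session.authenticated:
        return False
    if req.method != "POST":
        return False
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if origin is None or _origin_of(origin) != ADMIN_ORIGIN:
        return False
    token = req.form.get("csrf_token", "")
    # Constant-time comparison so the token check leaks no timing information.
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return False
    _apply_flags(req, config)
    return True

def demo():
    """Run one forged and one legitimate request against both handlers."""
    session = Session(authenticated=True)
    # Constructed cross-site request: the victim's browser sends the session
    # cookie automatically, but the request originates from another page.
    forged = Request("GET", {"Referer": "http://evil.example/page.html"},
                     {"telnet": "on"})
    # Legitimate request submitted from the admin page, carrying the token.
    legit = Request("POST", {"Origin": ADMIN_ORIGIN},
                    {"telnet": "on", "csrf_token": session.csrf_token})
    results = {}

    cfg = {"telnet": False, "ftp": False}
    apply_config_csrfable(forged, session, cfg)
    results["csrfable_forged_enables_telnet"] = cfg["telnet"]

    cfg = {"telnet": False, "ftp": False}
    rejected = not apply_config_hardened(forged, session, cfg)
    results["hardened_forged_rejected"] = rejected and not cfg["telnet"]

    accepted = apply_config_hardened(legit, session, cfg)
    results["hardened_legit_accepted"] = accepted and cfg["telnet"]
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The hardened handler is exactly what an XSS hole in the admin UI would undo: script injected into a page served from ADMIN_ORIGIN runs with the right origin and can read the session token from the DOM, so the CSRF defenses above no longer help. That is why the post treats an XSS hole on a router as fatal even when the CSRF protection is in place. Note also that some browsers and privacy tools strip the Referer header; rejecting requests with neither Origin nor Referer is the safe default for a state change, at the cost of breaking those clients.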

