SQL INJECTION TO MIPS OVERFLOWS: ROOTING SOHO ROUTERS presented at BlackHat USA 2012

by Zachary Cutlip

Tags: Buffer Overflows, Exploitation, SQL Injection

Summary: This presentation details an approach by which SQL injection is used to exploit unexposed buffer overflows, yielding remote, root-level access to Netgear wireless routers. Additionally, the same SQL injection can be used to extract arbitrary files, including plain-text passwords, from the file systems of the routers. This presentation guides the audience through the vulnerability discovery and exploitation process, concluding with a live demonstration. In the course of describing several vulnerabilities, I present effective investigation and exploitation techniques of interest to anyone analyzing SOHO routers and other embedded devices.