Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
This router used to have NO authentication on the file upload functionality on upload.cgi. So, upon fixing this, everything appeared to be okay...
However, the Nginx configuration literally just checks that the authorization header is not NULL. So, passing in any authorization header works just fine. Now, there is an authorization bypass in the file upload functionality. Sometimes, bugs are that easy!
The cookies field has a command injection when making a call to cURL. So, crafting a malicious cookie (without semi-colons) combined with the authentication bypass above allows for remote compromise of the device. Easy!
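The two flaws summarized above, as an added Python sketch that is not the router's code: a presence-only Authorization check beside one that verifies credentials, and a cURL call built as an argument list after the cookie is validated. The function names, credentials, cookie allowlist and URL are assumptions made for illustration.

```python
import base64
import hmac
import re

# Constructed credentials for this example; a real device would store a salted hash.
EXPECTED_USER = b"admin"
EXPECTED_PASSWORD = b"constructed-example-password"

# Conservative cookie-pair allowlist: no whitespace, quotes or shell metacharacters.
COOKIE_PAIR = re.compile(r"[A-Za-z0-9_.-]+=[A-Za-z0-9_.%+/=-]*")


def presence_only_check(headers):
    """The flawed logic: any non-empty Authorization header is accepted."""
    return bool(headers.get("Authorization"))


def verified_check(headers):
    """Decode HTTP Basic credentials and compare them in constant time."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return False
    try:
        decoded = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    user, sep, password = decoded.partition(b":")
    user_ok = hmac.compare_digest(user, EXPECTED_USER)
    pass_ok = hmac.compare_digest(password, EXPECTED_PASSWORD)
    return bool(sep) and user_ok and pass_ok


def curl_argv(url, cookie_header):
    """Build an argv list for curl so that no shell ever parses the cookie."""
    pairs = [p.strip() for p in cookie_header.split(";")]
    if not all(COOKIE_PAIR.fullmatch(p) for p in pairs):
        raise ValueError("cookie rejected")
    # Pass the list to subprocess.run(argv) with the default shell=False.
    return ["curl", "--silent", "--cookie", "; ".join(pairs), "--url", url]
```

The allowlist is deliberately stricter than what HTTP permits in cookie values, so it rejects input rather than trying to escape it.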