Description: This presentation details an approach by which SQL injection is used to exploit unexposed buffer overflows, yielding remote, root-level access to Netgear wireless routers. Additionally, the same SQL injection can be used to extract arbitrary files, including plain-text passwords, from the file systems of the routers. This presentation guides the audience through the vulnerability discovery and exploitation process, concluding with a live demonstration. In the course of describing several vulnerabilities, I present effective investigation and exploitation techniques of interest to anyone analyzing SOHO routers and other embedded devices.
For More Information please visit : - www.blackhat.com/usa/bh-us-12-speakers.html
Tags: securitytube , hacking , hackers , information security , convention , computer security , blackhat-usa-2012 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.