Explore an advanced exploitation technique in this 45-minute conference talk that demonstrates how SQL injection can be leveraged to exploit hidden buffer overflows, resulting in remote root access to Netgear wireless routers. Learn how the same SQL injection vulnerability can be exploited to extract sensitive files, including plain-text passwords, from router file systems. Follow along as the presenter guides you through the vulnerability discovery and exploitation process, culminating in a live demonstration. Gain valuable insights into effective investigation and exploitation techniques applicable to analyzing SOHO routers and other embedded devices, making this presentation essential for security researchers and penetration testers interested in embedded system vulnerabilities.
Overview
Syllabus
Black Hat USA 2012 - SQL Injection to MIPS Overflows: Rooting SOHO Routers
Taught by
Black Hat