lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <201506131414.t5DEEwLN025558@sf01web1.securityfocus.com>
Date: Sat, 13 Jun 2015 14:14:58 GMT
From: sudson08@...il.com
To: bugtraq@...urityfocus.com
Subject: Buffer Overflow in My Wifi Router Software

Hi there,

I have seen a buffer overflow in My Wifi Router software version 1.0

The link of the software is available :- http://mywifirouter.software.informer.com/1.0/

Exploit :-  After running the software you will see two places to enter details i.e "Hotspot Name" and "Password".

To exploit this issue you have to enter Hotspot name more than 30 characters. which will force the OS exception handler to kick in and close the software. 

I have analyzed this issue via immunity debugger and found that EDI Register gets overwritten with A's which can be further used for exploitation

Thanks and Regards,
Sudhakar Dwivedi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ