SecurityvulnsSECURITYVULNS:DOC:13997DoS 2wire Gateway
[Refer:http://www.mexhackteam.org/prethoonker/DoS_ADV_2Wire.txt]
#################################################### << Denegation of Service >>
2 w i r e G a t e w a y
Preth00nker [at] gmail [dot] com
BY PRETH00NKER
http://mexhackteam.org
Special dedication for my friends of:
< < http://www.elhacker.net > >
######################################################
[ Introduction ]
(*) 2wire Gateway User Interface: It Work with the Modems / Routers
of 2Wire, Inc., it take the work out of manage a local network.
the Users see important information about the DSL connection,
devices on the network, firewall logs, and more. Optional notification
features let users know if there is a problem and guides them to a fix.
(*) CRLF: It's a special character or sequence of characters
signifying the end of a line of text.
[Char] [ Complete name ] [Hex] [ascii]
CR = Carriage Return = \0A = 10
LF = Line_Feed = \0D = 13
[ Explanation ]
When a evil request is maked and sended at 2wire Webserver
and this can't process the request, result as a Denegation
of service (DoS).
The error comes at the moment of include a End_of_line (CRLF)
into any variable, when we're using a GET method it's
imposible (inside a normal situation), but, it's really true?..
[ PoC ]
http://www.mexhackteam.org/prethoonker/DoS%20%20.cpp