AOH :: HP Unsorted F :: BU-1988.HTM

Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability



Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability



=========================================
Yaniv Miron aka "Lament" Advisory March 7, 2010
Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
=========================================

=====================
I. BACKGROUND
=====================
Based on the company=92s technical expertise and a decade of hands-on experience
in the telecom industry, Friendly=92s solution is a ROBUST, SCALABLE, SECURED,
TELCO GRADE and COST-EFFECTIVE TR-069 solution.
The TR-069 protocol was accepted as the standard for CPE management by the
DSL, WiMAX, NGN / Optical network providers (some Cable operators are
deploying TR-069 as well).

Device Management & Auto Provisioning

Friendly=92s TR-069 solution delivers comprehensive remote management and
auto-provisioning of CPEs that support the TR-069 standard - including modem/routers,
IPTV/ STBs, ATA/VoIP, storage devices, media centers, etc.

http://www.friendly-tech.com/remotemamagment.asp

=====================
II. DESCRIPTION
=====================

The Friendly-Tech FriendlyTR69 CPE Remote Management is prone to SQL injection attacks.

=====================
III. ANALYSIS
=====================

The vulnerability occurs due to insufficient sanitization of user-supplied data when logging onto the FriendlyTR69 CPE Remote Management.

Successful exploitation may result in an attacker obtaining admin access to the FriendlyTR69 CPE Remote Management.

=====================
IV. EXPLOIT
=====================

Username: ' or 1=1--
Password:  ' or 1=1--

=====================
V. DISCLOSURE TIMELINE
=====================

Jan 2009 Vulnerability Found
Jan 2009 Vendor Notification
March 2010 Public Disclosure

=====================
VI. CREDIT
=====================

Yaniv Miron aka "Lament".
lament@ilhack.org 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.