Seemingly Insignificant SQL Injections Lead To Rooted Routers – Dark Reading

Black Hat researcher to show how vulnerable databases with temporary router information can lead to root-level access of Netgear routers   ..Seemingly Insignificant SQL Injections Lead To Rooted Routers – Dark Reading.

Add a system information page to DD-WRT

Want to have fun with an older router that is virtually ‘unbrickable’ .  The Airlink 101 670w can be purchased for under $25.00 and if you do brick it, you can unplug it and hold down the reset for 30 seconds when powering it on.  This will bring up an emergency web server under   You can upload your standard DD-WRT and bring it back to life.

This tweak is called MyPage and the code is credited to the talented folks at DD-WRT.   For a list of routers you that are DD-WRT compatible, visit   DD-WRT is an opensource firmware designed for dozens of routers (flash on your own) allowing routers to be really tweaked out.

MyPage offers system information and can be customized by editing the pages (add links etc).   This will work with other routers and not just the Airlink 101.

How do you install MyPage?  You’ll need to add telnet to your computer, download WinSCP and the code from here.

Enable SSH and Telnet on your router

Download the file from here (note the instructions are not the same as in the forum)

Extract the contents using winrar to a folder on your desktop

Enable Telnet Client on Windows 7 under program (features)

Download WinSCP (Change to SSH when connecting – port 22) install and connect.  You should then transfer the files and folders to a www folder under the tmp directory using WinSCP.

Open a command prompt and type telnet yourrouter’s ip
enter the user name and password and type in the commands below that are in bold

DD-WRT v24-sp2 std (c) 2010 NewMedia-NET GmbH
Release: 12/24/10 (SVN revision: 15962)

DD-WRT login: root

DD-WRT v24-sp2

BusyBox v1.13.4 (2010-12-24 11:29:14 CET) built-in shell (ash)
Enter ‘help’ for a list of built-in commands.

The command below is one line

nvram set mypage_scripts=”/opt/www/ /opt/www/ /opt/www/ /opt/www/ /opt/www/ /opt/www/ /opt/www/ /opt/www/
/opt/www/ /opt/www/ /opt/www/ /opt/www/”

nvram commit

root@DD-WRT:~# chdir /tmp
root@DD-WRT:/tmp# chdir www
root@DD-WRT:/tmp/www# chdir setup
root@DD-WRT:/tmp/www/setup# chmod 755 *.sh
root@DD-WRT:/tmp/www/setup# chmod 755 *.asp
root@DD-WRT:/tmp/www/setup# ./

root@DD-WRT:/tmp/www/setup# ./ /tmp/www n y y n y y n n

This will complete the setup.

Login to your router and enjoy!

You can also add an external drive to DD-WRT