Administrative credentials leaked via SQL injection

Apr 17, 2010 07:00 GMT  ·  By

A Lebanese greyhat hacker reports finding an SQL injection vulnerability in edimax.com. According to him, the flaw can be exploited to extract administrative credentials for all of the hardware manufacturer's websites.

In an e-mail to Softpedia, a self-confessed security enthusiast, who goes by the online moniker of "Idahc," disclosed in-depth information about the security hole on EDIMAX's global website. This data included the vulnerable URL and the exploitable parameter, proof-of-concept attack code, as well as screenshots with information extracted from the underlying database.

SQL injection is an attack technique that allows data to be read from or written to a database using the credentials of the website it serves. Such attacks result from a failure to properly filter input passed via the URL to certain script parameters before it is used in a database query.
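As an added illustration of the defect described above (example code written for this article, not code from the site's platform or from the reporter), the unfiltered query pattern beside its hardened form, using SQLite and a constructed product table:

```python
import sqlite3

# Constructed sample data, not Edimax's schema: a product table that a
# public page queries by the "id" parameter in its URL.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "Router"), (2, "Switch"), (3, "Adapter")])
    return conn

def lookup_unfiltered(conn, product_id):
    """The defect the article describes: the URL parameter is spliced into
    the SQL text, so the database parses whatever the client sent as SQL."""
    sql = "SELECT id, name FROM products WHERE id = " + product_id
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, product_id):
    """Fix: validate the parameter's type, then bind it as a query parameter
    so it is only ever compared as a value, never parsed as SQL."""
    try:
        value = int(product_id)
    except ValueError:
        return []  # reject anything that is not a plain integer
    sql = "SELECT id, name FROM products WHERE id = ?"
    return conn.execute(sql, (value,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    # A normal request, then a request whose parameter carries a tautology
    # (constructed input): the unfiltered query returns the whole table,
    # the hardened one rejects the value outright.
    print(lookup_unfiltered(db, "2"))         # [(2, 'Switch')]
    print(lookup_unfiltered(db, "2 OR 1=1"))  # all three rows
    print(lookup_hardened(db, "2 OR 1=1"))    # []
```

The same bound-parameter pattern applies to any database driver; the point is that the parameter travels separately from the SQL text.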

EDIMAX Technology is a large manufacturer of networking equipment tailored for both home users and business customers. Headquartered in Taiwan, the company has local offices and localized websites in a large number of countries, spanning all continents.

All of these websites seem to be based on the same platform, developed by a Taiwanese company called M-W Multimedia Design. Therefore, it is likely that all of them are vulnerable to Idahc's exploit code. In fact, to demonstrate this, the hacker sent us what he claims to be the login information for the administrator account on edimax.com.cn. "I have all admin and passwords for all sites of EDIMAX," he adds.

If this login information is accurate, we'd like to note that it fails to meet even the most lenient security standards. The username is easy to guess, and so is the 6-character password, which follows a known pattern and would likely not withstand a brute-force guessing attack.

Idahc has found similar vulnerabilities before, in websites belonging to the likes of NASA, the U.S. Army or French telecommunications giant Orange. The hacker previously stressed that even though his penetration testing activity is performed without authorization, he has no malicious intentions with the vulnerabilities he finds.

We have already contacted EDIMAX to report this possible security hole in its Web infrastructure. We are currently awaiting confirmation, as well as other details about the incident, and we will update our article if and when we get a reply to our request for comment.

Photo Gallery (6 images): EDIMAX websites compromised through SQL injection; SQL injection attack against Edimax.com, samples #1 and #2.