DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#51 2008-06-05 16:45:01
- bspvette86
- Member
- Registered: 2008-05-09
- Posts: 81
Re: a look at webs https
bq041 wrote:
Everyone needs to stop and take a step back for a moment. You are preaching from a priveliged standpoint. For most users, this is secure..
You are reading way too much into my posts. I am only trying to point out that this is a valid concern.
Cheers! 
bspvette
Offline
#52 2008-06-07 04:17:41
- bq041
- Member
- From: USA
- Registered: 2008-03-19
- Posts: 709
Re: a look at webs https
Oh, yeah, one more thing. This exploit does not work on my unit with F/W 1.04, only on the one with 1.05.
DNS-323 F/W: 1.04b84 H/W: A1 ffp: 0.5 Drives: 2X 400 GB Seagate SATA-300
DNS-323 F/W: 1.05b28 H/W: B1 ffp: 0.5 Drives: 2X 1 TB WD SATA-300
DSM-G600 F/W: 1.02 H/W: B Drive: 500 GB WD ATA
Offline
#53 2008-06-11 12:10:40
- SilentException
- Member
- From: Island of Krk, Croatia
- Registered: 2008-05-04
- Posts: 148
Re: a look at webs https
This issue is being looked into by product management.
this is a quote from the official d-link forum. finally, seems we're getting somewhere 
thanks for reporting bq041, i had few more ppl report that directory traversal problem indeed does not work on 1.4. but, you can still read files in /web (private key and ddns.conf and some others)
D-Link DNS-323 v1.05 fun_plug-ed + many mods, 2 x 320GB Seagate Barracuda 7200.10 RAID0, Cat6 Gigabit Network, 9k Jumbo Frames, Average (WRITE): 19,32 MB/sec, Average (READ): 28,6 MB/sec
Offline
#54 2008-06-26 00:23:20
- KyleK
- Member
- From: Dresden, Germany
- Registered: 2007-12-05
- Posts: 1178
Re: a look at webs https
Fyi, for the CH3SNAS owners, I'm expecting a new firmware for the device next week fixing the issue discussed here.
If so, hats off to Conceptronic for great support!
Offline