BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//pretalx.com//orangecon-2026//speaker//BVC7DG BEGIN:VEVENT UID:pretalx-orangecon-2026-AAYAZP@pretalx.com DTSTART:20260604T104000Z DTEND:20260604T111000Z DESCRIPTION:A wifi network name that roots your router. A TLS certificate f ield that takes over hosting accounts. A DNS response that lets you disrup t an ISP's routing. Often these do not get the same scrutiny as a URL para meter or a form field.\n\nDNS debug tools\, TLS checkers\, network measure ment platforms\, and router admin interfaces all consume data from protoco l fields that were never designed for a browser. Many do not treat that da ta as untrusted input. When these tools share a trust boundary with someth ing critical\, that oversight has consequences.\n\nThis talk presents a sy stematic exploration of injection vulnerabilities across DNS\, TLS\, HTTP\ , WHOIS\, IRR\, wifi\, and radio protocol fields\, and traces what happens when they reach sensitive systems. The findings range from full account t akeover on hosting customer portals to persistent root access on OpenWRT r outers. At the more alarming end: disrupting an ISP's routing via a single non-suspicious link to their network admin. None of it required exotic te chniques. The payloads are textbook XSS. Their locations and the escalatio ns are not.\n\nThe individual vulnerabilities are numerous\, but they aren 't the most interesting part. The pattern is: protocol field data is routi nely excluded from the security model of the tools that render it. The sam e mistake\, in slightly different form\, showed up independently across ho sting providers\, internet registries\, and router firmware\, built by ind ependent teams with no shared code.\n\nThis talk starts mildly entertainin g and gets progressively less so. DTSTAMP:20260525T192624Z LOCATION:Track 2 SUMMARY:Strange Inputs\, Critical outputs: Attacking Infrastructure Through Innocuous Network Protocol Fields - Sasha Romijn URL:https://pretalx.com/orangecon-2026/talk/AAYAZP/ END:VEVENT END:VCALENDAR