Re: [Full-disclosure] Drive-by Pharming Threat
On 19 Feb 07, at 09:54, <auto400208@xxxxxxxxxxxx> wrote:
I am curious as to how one "automatically" logs on?
Memorized passwords.
Also, if a password is required for a subsidiary resource, the
browser will ask the user for it. In IE, at least, a sequence like
the one I describe below will pop up a series of password dialogs if
the user attempts to cancel. Most users will eventually try typing in
the correct password to try to make the password dialogs go away.
Also when you do reset or
change parameters in the router, does it not require a reboot of
the router (auto after you hit save), whereby your connection is
lost for x amount of time?
Depends on the router. It doesn't really matter much, though -
once the settings are saved the damage's been done.
Also not to mention find a method to cross domains into the routers
html, for each and every router out there.
Try them all at once:
<iframe src="http://192.168.0.1/csrf-for-one-router"></iframe>
<iframe src="http://192.168.0.1/csrf-for-another-router"></iframe>
<iframe src="http://192.168.0.1/csrf-for-a-third-router"></iframe>
<iframe src="http://192.168.0.1/csrf-for-a-fourth-router"></iframe>
...