<<< Date Index >>>     <<< Thread Index >>>

Re: [Full-disclosure] Drive-by Pharming Threat



On 19 Feb 07, at 09:54, <auto400208@xxxxxxxxxxxx> wrote:
I am curious as to how one "automatically" logs on?

Memorized passwords.

Also, if a password is required for a subsidiary resource, the browser will ask the user for it. In IE, at least, a sequence like the one I describe below will pop up a series of password dialogs if the user attempts to cancel. Most users will eventually try typing in the correct password to try to make the password dialogs go away.

Also when you do reset or
change parameters in the router, does it not require a reboot of
the router (auto after you hit save), whereby your connection is
lost for x amount of time?

Depends on the router. It doesn't really matter much, though -
once the settings are saved the damage's been done.

Also not to mention find a method to cross domains into the routers
html, for each and every router out there.

Try them all at once:

<iframe src="http://192.168.0.1/csrf-for-one-router";></iframe>
<iframe src="http://192.168.0.1/csrf-for-another-router";></iframe>
<iframe src="http://192.168.0.1/csrf-for-a-third-router";></iframe>
<iframe src="http://192.168.0.1/csrf-for-a-fourth-router";></iframe>
...