Re: Linksys WRT54 GL - Session riding (CSRF)

To: Tomaz <tomaz.bratusa@xxxxxxxxxxxxxx>
Subject: Re: Linksys WRT54 GL - Session riding (CSRF)
From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
Date: Mon, 14 Jan 2008 12:31:41 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <008b01c8567d$f92c4d30$0201010a@zuffa4263035f7>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <008b01c8567d$f92c4d30$0201010a@zuffa4263035f7>
User-agent: Thunderbird 2.0.0.9 (Windows/20071031)

| Isn't your exploit somewhat complicated?  Just put

|| <img

src="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/>

|| on a web page, and trick the victim to visit it while he or she is

| logged into the Cisco router at 192.0.2.1 over HTTP.  This has been
| dubbed "Cross-Site Request Forgery" a couple of years ago, but the
| authors of RFC 2109 were already aware of it in 1997.

With an swf file using php one wouldn't need to trick someone entirely,just hope they don't have a pop up blocker



http://www.infiltrated.net/nojava.pimp

--
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- RE: Linksys WRT54 GL - Session riding (CSRF)
  - From: Tomaz

Prev by Date: Re: what is this?
Next by Date: Re: Buffer-overflow in Quicktime Player 7.3.1.70
Previous by thread: RE: Linksys WRT54 GL - Session riding (CSRF)
Next by thread: Re: Linksys WRT54 GL - Session riding (CSRF)
Index(es):
- Date
- Thread