Full Disclosure mailing list archives
Re: Drive-by Pharming Threat
From: <auto400208 () hushmail com>
Date: Mon, 19 Feb 2007 19:15:40 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks. This is what I am struggling with 1. On my firefox I have the router password saved: <iframe src="http://192.168.0.1"> from remote site brings up password manager all nicely filled in, I still have to hit ok <iframe src="http://foo:foo@192.168.0.1"> remote site brings up a security warning do you want to blah blah LINKSYS with foo I haven't seen away around this. 2. I understand setting up a series of iframes for each type of router. What I mean is the vuln in the first instance to get inside the html in order to diddle it. You effectively have remote site scriting to remote sight. Nothing more. Have you tried to do this even locally with your router's index.html (a) you need to find a viable "xss" error entry point, and then achieve this from different domains, and then test each and every router's index.html for the same thing. On top of that you'll need to determine each target browser and adjust accordingly. Frankly the whole vuln sounds far fetched in practice. Certainly not anything "drive by" that I can see. So far. On Mon, 19 Feb 2007 16:48:58 -0500 Andrew Farmer <andfarm () gmail com> wrote:
On 19 Feb 07, at 09:54, <auto400208 () hushmail com> wrote:I am curious as to how one "automatically" logs on?Memorized passwords. Also, if a password is required for a subsidiary resource, the browser will ask the user for it. In IE, at least, a sequence like
the one I describe below will pop up a series of password dialogs if the user attempts to cancel. Most users will eventually try typing
in the correct password to try to make the password dialogs go away.Also when you do reset or change parameters in the router, does it not require a reboot of the router (auto after you hit save), whereby your connection is lost for x amount of time?Depends on the router. It doesn't really matter much, though - once the settings are saved the damage's been done.Also not to mention find a method to cross domains into theroutershtml, for each and every router out there.Try them all at once: <iframe src="http://192.168.0.1/csrf-for-one-router"></iframe> <iframe src="http://192.168.0.1/csrf-for-another-router"></iframe> <iframe src="http://192.168.0.1/csrf-for-a-third-router"></iframe> <iframe src="http://192.168.0.1/csrf-for-a-fourth- router"></iframe> ...
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkXaPacACgkQ8swcuoVgWHBFTgP/eD3Reb/8pgWMGrsgIR8wLPG/bKv6 J7bVvnJTNj7jD9fL+SXaWyf4zmgwh2KepFjDE9rh3hBWxPHWL6B2qHobVBbJEDKYEW8O hDWB6KXUGCsLvemSKjCNJEel3qECXgQjMpNqHctlwQ5i119EfzBYEmuym6EpdNWQfcnv 8HAHcQQ= =O0rH -----END PGP SIGNATURE----- -- Click for online loan, fast & no lender fee, approval today http://tagline.hushmail.com/fc/CAaCXv1QXD1xzTKHDwpaS3VeSycenuZW/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Drive-by Pharming Threat auto400208 (Feb 19)
- Re: Drive-by Pharming Threat Andrew Farmer (Feb 19)
- Re: Drive-by Pharming Threat Martin Johns (Feb 19)
- Re: Drive-by Pharming Threat Gaurang Pandya (Feb 19)
- Re: Drive-by Pharming Threat mikeiscool (Feb 19)
- Re: Drive-by Pharming Threat Gaurang Pandya (Feb 19)
- Re: Drive-by Pharming Threat Andrew Farmer (Feb 19)
- Re: Drive-by Pharming Threat Gaurang Pandya (Feb 19)
- Re: Drive-by Pharming Threat Gaurang Pandya (Feb 19)
- <Possible follow-ups>
- Re: Drive-by Pharming Threat auto400208 (Feb 20)
- Re: Drive-by Pharming Threat auto400208 (Feb 20)