Bugtraq mailing list archives
Re: [Full-disclosure] Drive-by Pharming Threat
From: Andrew Farmer <andfarm () gmail com>
Date: Mon, 19 Feb 2007 13:48:58 -0800
On 19 Feb 07, at 09:54, <auto400208 () hushmail com> wrote:
I am curious as to how one "automatically" logs on?
Memorized passwords.Also, if a password is required for a subsidiary resource, the browser will ask the user for it. In IE, at least, a sequence like the one I describe below will pop up a series of password dialogs if the user attempts to cancel. Most users will eventually try typing in the correct password to try to make the password dialogs go away.
Also when you do reset or change parameters in the router, does it not require a reboot of the router (auto after you hit save), whereby your connection is lost for x amount of time?
Depends on the router. It doesn't really matter much, though - once the settings are saved the damage's been done.
Also not to mention find a method to cross domains into the routers html, for each and every router out there.
Try them all at once: <iframe src="http://192.168.0.1/csrf-for-one-router"></iframe> <iframe src="http://192.168.0.1/csrf-for-another-router"></iframe> <iframe src="http://192.168.0.1/csrf-for-a-third-router"></iframe> <iframe src="http://192.168.0.1/csrf-for-a-fourth-router"></iframe> ...
Current thread:
- Drive-by Pharming Threat Zulfikar Ramzan (Feb 15)
- Re: Drive-by Pharming Threat Mark Senior (Feb 16)
- Re: Drive-by Pharming Threat Dennis (Feb 16)
- <Possible follow-ups>
- RE:Drive-by Pharming Threat psirt (Feb 16)
- RE: Drive-by Pharming Threat Memisyazici, Aras (Feb 17)
- Re: Drive-by Pharming Threat Marcello Barnaba (Feb 17)
- Re: Drive-by Pharming Threat Cedric Blancher (Feb 17)
- Re: Drive-by Pharming Threat Marcello Barnaba (Feb 17)
- Re: Drive-by Pharming Threat auto400208 (Feb 20)
- Re: [Full-disclosure] Drive-by Pharming Threat Martin Johns (Feb 20)
- Re: [Full-disclosure] Drive-by Pharming Threat Andrew Farmer (Feb 20)
- Re: Drive-by Pharming Threat Jeremy Saintot (Feb 20)
- Re: Drive-by Pharming Threat hlockhar (Feb 22)
- Re: Drive-by Pharming Threat Mark Senior (Feb 16)