Bugtraq mailing list archives

Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)

From: dan.crowley () gmail com
Date: Wed, 10 Dec 2008 19:14:10 -0700

This doesn't look like an XRSF flaw to me, unless this html is supposed to be inserted via some XRSF flaw, in which 
case you've given us a payload with no vulnerability details and no PoC exploit.

Looks like someone from the DD-WRT team has also commented, denying that this is actually a vulnerability.

If you have more details, please do post them.

Current thread:

Multiple XSRF in DD-WRT (Remote Root Command Execution) th3 . r00k . ieatpork (Dec 08)
- <Possible follow-ups>
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) s . gottschall (Dec 10)
  - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Hanno Böck (Dec 11)
  - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) David E. Thiel (Dec 11)
  - Re[2]: Multiple XSRF in DD-WRT (Remote Root Command Execution) Vladimir '3APA3A' Dubrovin (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) pUm (Dec 11)
  - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Sebastian Gottschall (DD-WRT) (Dec 11)
  - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Sebastian Gottschall (DD-WRT) (Dec 11)
    - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) David E. Thiel (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) dan . crowley (Dec 11)
- Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) dan . crowley (Dec 11)
- Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) 0xjbrown41 (Dec 15)