Bugtraq mailing list archives

Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)

From: dan.crowley () gmail com
Date: 11 Dec 2008 19:42:58 -0000

Apologies, I understand where the flaw lies now. I thought you meant the XRSF was triggered from within the DD-WRT 
interface.

I don't know how much of an impact this will really have though, I suppose it would depend on how long login sessions 
last on DD-WRT and how often the user logs into their router.

Still, good find!

Current thread:

Multiple XSRF in DD-WRT (Remote Root Command Execution) th3 . r00k . ieatpork (Dec 08)
- <Possible follow-ups>
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) s . gottschall (Dec 10)
  - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Hanno Böck (Dec 11)
  - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) David E. Thiel (Dec 11)
  - Re[2]: Multiple XSRF in DD-WRT (Remote Root Command Execution) Vladimir '3APA3A' Dubrovin (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) pUm (Dec 11)
  - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Sebastian Gottschall (DD-WRT) (Dec 11)
  - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Sebastian Gottschall (DD-WRT) (Dec 11)
    - Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) David E. Thiel (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) dan . crowley (Dec 11)
- Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) dan . crowley (Dec 11)
- Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) 0xjbrown41 (Dec 15)