Bugtraq mailing list archives

Re: Linksys WRT54 GL - Session riding (CSRF)

From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 14 Jan 2008 12:31:41 -0500

| Isn't your exploit somewhat complicated?  Just put

|| <img

src="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/>

|| on a web page, and trick the victim to visit it while he or she is

| logged into the Cisco router at 192.0.2.1 over HTTP.  This has been
| dubbed "Cross-Site Request Forgery" a couple of years ago, but the
| authors of RFC 2109 were already aware of it in 1997.

With an swf file using php one wouldn't need to trick someone entirely,just hope they don't have a pop up blocker



http://www.infiltrated.net/nojava.pimp

--
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Current thread:

Linksys WRT54 GL - Session riding (CSRF) tomaz . bratusa (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Florian Weimer (Jan 11)
  - RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz (Jan 14)
    - Re: Linksys WRT54 GL - Session riding (CSRF) J. Oquendo (Jan 14)
    - Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 15)
    - Re: Linksys WRT54 GL - Session riding (CSRF) Valdis . Kletnieks (Jan 15)
- <Possible follow-ups>
- Re: Linksys WRT54 GL - Session riding (CSRF) Daniel Weber (Jan 15)