| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Feb 2007 20:25:30 -0500 From: "Exibar" <exibar@...lair.com> To: "pagvac" <unknown.pentester@...il.com>, "Fabian \(Lists\)" <lists@...enlayers.org> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [inbox] Re: Drive-by Pharming I feel this whole thing simply serves as a reminder to simply change your default passwords on your devices. REgardless of the type of device, CHANGE THE DEFAULT PASSWORD! Exibar > -----Original Message----- > From: pagvac [mailto:unknown.pentester@...il.com] > Sent: Saturday, February 17, 2007 6:32 PM > To: Fabian (Lists) > Cc: full-disclosure@...ts.grok.org.uk > Subject: [inbox] Re: [Full-disclosure] Drive-by Pharming > > > I'm sorry, this looks to me like plain CSRF against web interfaces of > intranet network devices. If someone knows your router's password > (i.e.: default password) and the router's HTTP requests are NOT > tokenized (vulnerable to CSRF), then an attacker can most certainly do > anything on your behalf by tricking you to visit an evil webpage. > > Changing DNS settings is just one of the many evil things you could > do. Others include changing password to a new one (DoS to legitimate > router admin user), exposing the admin web interface to the Internet, > disabling security, exposing internal hosts to the Internet through > port-forwarding, etc... > > Of course, if the web interface is designed really badly you might not > even need a password to CSRF it. Some of you might recall the CSRF > issue on Linksys WRT54g reported by Ginsu Rabbit back in August 2006 > which allowed you to turn off the security of the device completely. > > Ginsu Rabbit's Advisory: > > http://www.securityfocus.com/archive/1/442452/30/0/threaded > > PoC for the vuln: > > http://ikwt.com/projects/linksys/linksys-unauth-csrf.html > > CSRFing intranet devices research published in the past: > > http://www.whitehatsec.com/home/resources/presentations/files/java script_malware.pdf Am I missing something guys? On 2/16/07, Fabian (Lists) <lists@...enlayers.org> wrote: > Larry Seltzer wrote: > > This "response" doesn't seem to address any Linksys (and therefore > > Cisco) routers, does it? > > Seems so... Maybe because they are not IOS based and therefore not real > "Cisco Routers" as we all know them? > > --Fabian > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- pagvac [http://ikwt.com/] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists