Open Source and information security mailing list archives
 
Message-Id: <20070220001540.EE586DA84C@mailserver8.hushmail.com>
Date: Mon, 19 Feb 2007 19:15:40 -0500
From: <auto400208@...hmail.com>
To: <andfarm@...il.com>
Cc: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Full-disclosure] Drive-by Pharming Threat

Thanks.

This is what I am struggling with

1. On my Firefox I have the router password saved:

<iframe src="http://192.168.0.1">  from remote site brings up
password manager all nicely filled in, I still have to hit ok

<iframe src="http://foo:foo@....168.0.1"> remote site brings up a
security warning do you want to blah blah LINKSYS with foo

I haven't seen a way around this.

2. I understand setting up a series of iframes for each type of
router. What I mean is the vuln in the first instance to get inside
the html in order to diddle it. You effectively have remote site
scripting to remote site. Nothing more. Have you tried to do this
even locally with your router's index.html? (a) You need to find a
viable "xss" error entry point, and then achieve this from
different domains, and then test each and every router's index.html
for the same thing. On top of that you'll need to determine each
target browser and adjust accordingly.

Frankly the whole vuln sounds far-fetched in practice. Certainly
not anything "drive by" that I can see. So far.

On Mon, 19 Feb 2007 16:48:58 -0500 Andrew Farmer
<andfarm@...il.com> wrote:
>On 19 Feb 07, at 09:54, <auto400208@...hmail.com> wrote:
>> I am curious as to how one "automatically" logs on?
>
>Memorized passwords.
>
>Also, if a password is required for a subsidiary resource, the
>browser will ask the user for it. In IE, at least, a sequence like
>the one I describe below will pop up a series of password dialogs
>if the user attempts to cancel. Most users will eventually try
>typing in the correct password to try to make the password dialogs
>go away.
>
>> Also when you do reset or
>> change parameters in the router, does it not require a reboot of
>> the router (auto after you hit save), whereby your connection is
>> lost for x amount of time?
>
>Depends on the router. It doesn't really matter much, though -
>once the settings are saved the damage's been done.
>
>> Also not to mention find a method to cross domains into the
>> routers html, for each and every router out there.
>
>Try them all at once:
>
><iframe src="http://192.168.0.1/csrf-for-one-router"></iframe>
><iframe src="http://192.168.0.1/csrf-for-another-router"></iframe>
><iframe src="http://192.168.0.1/csrf-for-a-third-router"></iframe>
><iframe src="http://192.168.0.1/csrf-for-a-fourth-router"></iframe>
>...
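Added example, not part of the original thread: a small detection check that flags embedded resources in a page's HTML that point into private address space, the pattern both messages describe with iframes aimed at 192.168.0.1. The function names and the sample page are hypothetical and constructed for illustration.

```javascript
// RFC 1918 ranges plus loopback and link-local, as [network, prefix length].
const PRIVATE_NETS = [
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["127.0.0.0", 8], ["169.254.0.0", 16],
];

// Dotted-quad string to an unsigned integer, or null if not a valid IPv4.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

function isPrivateIPv4(host) {
  const ip = ipv4ToInt(host);
  if (ip === null) return false;
  return PRIVATE_NETS.some(([net, bits]) => {
    const size = 2 ** (32 - bits); // number of addresses in the block
    return Math.floor(ip / size) === Math.floor(ipv4ToInt(net) / size);
  });
}

// One finding per tag whose first src/href/action URL targets a private
// IPv4 address. Relative URLs and non-HTTP schemes are skipped.
function findPrivateTargets(html) {
  const findings = [];
  const attr = /<(\w+)\b[^>]*?\b(src|href|action)\s*=\s*["']([^"']+)["']/gi;
  for (const [, tag, , raw] of html.matchAll(attr)) {
    let url;
    try { url = new URL(raw); } catch { continue; } // relative or malformed
    if (!/^https?:$/.test(url.protocol) || !isPrivateIPv4(url.hostname)) continue;
    findings.push({
      tag: tag.toLowerCase(),
      host: url.hostname,
      path: url.pathname,
      embedsCredentials: url.username !== "" || url.password !== "",
    });
  }
  return findings;
}

// Constructed sample page, modelled on the iframes quoted in the thread.
const SAMPLE = `
<p>hello</p><img src="https://cdn.example.com/logo.png">
<iframe src="http://192.168.0.1/csrf-for-one-router"></iframe>
<iframe src="http://foo:foo@10.0.0.1/"></iframe>
<a href="/about">about</a>`;
```

Run over pages served from public origins (in a proxy, crawler or mail gateway), each finding is a candidate for review; `embedsCredentials` marks URLs that carry a username or password in the authority part.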
