lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <45DAD745.9020202@free.fr>
Date: Tue, 20 Feb 2007 12:11:01 +0100
From: Jeremy Saintot <jeremy.saintot@...e.fr>
To: auto400208@...hmail.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: Drive-by Pharming Threat

auto400208@...hmail.com wrote:
> I am curious as to how one "automatically" logs on?
> 
> 1. Internet Explorer disallows username:pass@http://192.168.1.0
> 2. Opera has a very clear warning that you are logging on
> 3. Firefox has a very clear warning that you are logging on
> 
> Are there any other methods to log on without any warning? If so
> does it work with Internet Explorer?  Also when you do reset or
> change parameters in the router, does it not require a reboot of
> the router (auto after you hit save), whereby your connection is
> lost for x amount of time?
> 

   I did not test that, but I think some routers use HTML forms to log in to 
the admin panel.  In this case, you should be able to use CSRF with AJAX xhr 
objects, or simple Javascript to auto-submit the form.  Once the browser is 
logged in, it could use the same process and submit forms to change 
configuration settings such as DNS servers (for this attack) and more.

Regards,

Jeremy Saintot

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ