[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linksys WRT54 GL - Session riding (CSRF)

| Isn't your exploit somewhat complicated?  Just put
| | <img
| | on a web page, and trick the victim to visit it while he or she is
| logged into the Cisco router at over HTTP.  This has been
| dubbed "Cross-Site Request Forgery" a couple of years ago, but the
| authors of RFC 2109 were already aware of it in 1997.

With an swf file using php one wouldn't need to trick someone entirely, just hope they don't have a pop up blocker


J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature