| Isn't your exploit somewhat complicated? Just put| | <imgsrc="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/>| | on a web page, and trick the victim to visit it while he or she is| logged into the Cisco router at 192.0.2.1 over HTTP. This has been | dubbed "Cross-Site Request Forgery" a couple of years ago, but the | authors of RFC 2109 were already aware of it in 1997.
With an swf file using php one wouldn't need to trick someone entirely, just hope they don't have a pop up blocker
http://www.infiltrated.net/nojava.pimp -- ==================================================== J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
Description: S/MIME Cryptographic Signature