I feel this whole thing simply serves as a reminder to simply change your default passwords on your devices. Regardless of the type of device, CHANGE THE DEFAULT PASSWORD!

Exibar

> -----Original Message-----
> From: pagvac [mailto:[EMAIL PROTECTED]
> Sent: Saturday, February 17, 2007 6:32 PM
> To: Fabian (Lists)
> Cc: [email protected]
> Subject: [inbox] Re: [Full-disclosure] Drive-by Pharming
>
>
> I'm sorry, this looks to me like plain CSRF against web interfaces of
> intranet network devices. If someone knows your router's password
> (i.e.: default password) and the router's HTTP requests are NOT
> tokenized (vulnerable to CSRF), then an attacker can most certainly do
> anything on your behalf by tricking you to visit an evil webpage.
>
> Changing DNS settings is just one of the many evil things you could
> do. Others include changing password to a new one (DoS to legitimate
> router admin user), exposing the admin web interface to the Internet,
> disabling security, exposing internal hosts to the Internet through
> port-forwarding, etc...
>
> Of course, if the web interface is designed really badly you might not
> even need a password to CSRF it. Some of you might recall the CSRF
> issue on Linksys WRT54g reported by Ginsu Rabbit back in August 2006
> which allowed you to turn off the security of the device completely.
>
> Ginsu Rabbit's Advisory:
>
> http://www.securityfocus.com/archive/1/442452/30/0/threaded
>
> PoC for the vuln:
>
> http://ikwt.com/projects/linksys/linksys-unauth-csrf.html
>
> CSRFing intranet devices research published in the past:
>
> http://www.whitehatsec.com/home/resources/presentations/files/java script_malware.pdf

Am I missing something guys?

On 2/16/07, Fabian (Lists) <[EMAIL PROTECTED]> wrote:
> Larry Seltzer wrote:
> > This "response" doesn't seem to address any Linksys (and therefore
> > Cisco) routers, does it?
>
> Seems so... Maybe because they are not IOS based and therefore not real
> "Cisco Routers" as we all know them?
>
> --Fabian
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
pagvac
[http://ikwt.com/]
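
The "tokenized" requests the quoted message refers to, sketched from the device side as an added example that is not part of the original thread or any vendor's firmware: a settings change is accepted only when it carries a per-session token and comes from the admin interface's own origin. The key handling, origin, session id, and form field names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: random per-boot secret kept by the device's web server.
SERVER_KEY = secrets.token_bytes(32)
# Assumption: the origin the admin interface is served from (constructed).
ALLOWED_ORIGINS = {"http://192.168.1.1"}


def issue_token(session_id: str) -> str:
    """Token tied to one admin session, embedded in each settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Return True only if a settings change came from the admin UI itself."""
    if method != "POST" or not session_id:
        return False  # no changes over GET, none without a session
    # A browser labels a cross-site request with the sending page's origin.
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" not in ALLOWED_ORIGINS:
        return False
    # Another site cannot read the form, so it cannot supply the token.
    supplied = form.get("csrf_token", "")
    return hmac.compare_digest(supplied.encode(), issue_token(session_id).encode())


# Constructed sample requests (hypothetical field names and addresses).
SESSION = "sess-1234"
LEGIT = ("POST", {"Origin": "http://192.168.1.1"}, SESSION,
         {"dns1": "192.0.2.53", "csrf_token": issue_token(SESSION)})
FORGED = ("POST", {"Origin": "http://other-site.example"}, SESSION,
          {"dns1": "203.0.113.9"})

if __name__ == "__main__":
    print("legit :", is_request_allowed(*LEGIT))
    print("forged:", is_request_allowed(*FORGED))
```

The token check is what holds even when the admin is logged in with a known or default password, since the forged request still rides on a valid session but cannot include the token.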
