-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks. This is what I am struggling with 1. On my firefox I have the router password saved: <iframe src="http://192.168.0.1";> from remote site brings up password manager all nicely filled in, I still have to hit ok <iframe src="http://foo:foo@xxxxxxxxxxx";> remote site brings up a security warning do you want to blah blah LINKSYS with foo I haven't seen away around this. 2. I understand setting up a series of iframes for each type of router. What I mean is the vuln in the first instance to get inside the html in order to diddle it. You effectively have remote site scriting to remote sight. Nothing more. Have you tried to do this even locally with your router's index.html (a) you need to find a viable "xss" error entry point, and then achieve this from different domains, and then test each and every router's index.html for the same thing. On top of that you'll need to determine each target browser and adjust accordingly. Frankly the whole vuln sounds far fetched in practice. Certainly not anything "drive by" that I can see. So far. On Mon, 19 Feb 2007 16:48:58 -0500 Andrew Farmer <andfarm@xxxxxxxxx> wrote: >On 19 Feb 07, at 09:54, <auto400208@xxxxxxxxxxxx> wrote: >> I am curious as to how one "automatically" logs on? > >Memorized passwords. > >Also, if a password is required for a subsidiary resource, the >browser will ask the user for it. In IE, at least, a sequence like > >the one I describe below will pop up a series of password dialogs >if >the user attempts to cancel. Most users will eventually try typing >in >the correct password to try to make the password dialogs go away. > >> Also when you do reset or >> change parameters in the router, does it not require a reboot of >> the router (auto after you hit save), whereby your connection is >> lost for x amount of time? > >Depends on the router. It doesn't really matter much, though - >once the settings are saved the damage's been done. > >> Also not to mention find a method to cross domains into the >routers >> html, for each and every router out there. > >Try them all at once: > ><iframe src="http://192.168.0.1/csrf-for-one-router";></iframe> ><iframe src="http://192.168.0.1/csrf-for-another-router";></iframe> ><iframe src="http://192.168.0.1/csrf-for-a-third-router";></iframe> ><iframe src="http://192.168.0.1/csrf-for-a-fourth- >router"></iframe> >... -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkXaPacACgkQ8swcuoVgWHBFTgP/eD3Reb/8pgWMGrsgIR8wLPG/bKv6 J7bVvnJTNj7jD9fL+SXaWyf4zmgwh2KepFjDE9rh3hBWxPHWL6B2qHobVBbJEDKYEW8O hDWB6KXUGCsLvemSKjCNJEel3qECXgQjMpNqHctlwQ5i119EfzBYEmuym6EpdNWQfcnv 8HAHcQQ= =O0rH -----END PGP SIGNATURE----- -- Click for online loan, fast & no lender fee, approval today http://tagline.hushmail.com/fc/CAaCXv1QXD1xzTKHDwpaS3VeSycenuZW/
