krahmer at suse
Mar 21, 2007, 2:08 AM
Post #4 of 8
(439 views)
Permalink
|
On Wed, 21 Mar 2007, Saeed Abu Nimeh wrote:
Hi,
This is not very different from the common session riding attacks
happening since ages, except the part after the "vulnerability"
(changing DNS or whatever).
Internal 192.168.x.y <img src=> tags have been used since years to trigger
intranet CGI's and configuration stuff. The possibility to exploit this
with DSL modems and alike is straight forward ;-)
Nice however...
Sebastian
> similar to this:
> http://seclists.org/bugtraq/2007/Feb/0285.html
> We discovered a new potential threat that we term "Drive-by Pharming".
> An attacker can create a web page containing a simple piece of malicious
> JavaScript code. When the page is viewed, the code makes a login attempt
> into the user's home broadband router and attempts to change its DNS
> server settings (e.g., to point the user to an attacker-controlled DNS
> server). Once the user's machine receives the updated DNS settings from
> the router (e.g., after the machine is rebooted) future DNS request are
> made to and resolved by the attacker's DNS server.
>
>
> wangkaig [at] lenovo wrote:
> > Hi guys,
> >
> > I noticed a news recently.Researchers at Indiana University's Department
> > of Computer Science recently released a report outlining a way hackers
> > could potentially access and change the configuration routers on home
> > networks. They described how some JavaScript built into a Web page could
> > be used to log into the administrator account of a home router and change
> > its DNS (define) settings.The Indiana University report points out that
> > this attack doesn't exploit any browser vulnerability, and, more
> > importantly, it seems to work with pretty much any router,rrespective of
> > brand or model.Any idea how to program the javascript to modify the DNS
> > configuration?
> >
> > Best Regards
> >
> >
> >
> > Ken
> >
> >
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer [at] suse - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
