On Wed, 21 Mar 2007, Saeed Abu Nimeh wrote:

Hi,

This is not very different from the common session riding attacks
happening since ages, except the part after the "vulnerability"
(changing DNS or whatever).
Internal 192.168.x.y <img src=> tags have been used since years to trigger
intranet CGI's and configuration stuff. The possibility to exploit this
with DSL modems and alike is straight forward ;-)
Nice however...

Sebastian

> similar to this:
> http://seclists.org/bugtraq/2007/Feb/0285.html
> We discovered a new potential threat that we term "Drive-by Pharming".
> An attacker can create a web page containing a simple piece of malicious
> JavaScript code. When the page is viewed, the code makes a login attempt
> into the user's home broadband router and attempts to change its DNS
> server settings (e.g., to point the user to an attacker-controlled DNS
> server). Once the user's machine receives the updated DNS settings from
> the router (e.g., after the machine is rebooted) future DNS request are
> made to and resolved by the attacker's DNS server.
> 
> 
> [EMAIL PROTECTED] wrote:
> > Hi guys,
> > 
> > I noticed a news recently.Researchers at Indiana University's Department 
> > of Computer Science recently released a report outlining a way hackers 
> > could potentially access and change the configuration routers on home 
> > networks. They described how some JavaScript built into a Web page could 
> > be used to log into the administrator account of a home router and change 
> > its DNS (define) settings.The Indiana University report points out that 
> > this attack doesn't exploit any browser vulnerability, and, more 
> > importantly, it seems to work with pretty much any router,rrespective of 
> > brand or model.Any idea how to program the javascript to modify the DNS 
> > configuration? 
> > 
> > Best Regards 
> > 
> > 
> > 
> > Ken
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > ------------------------------------------------------------------------
> > 
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ [EMAIL PROTECTED] - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to