On Wed, 21 Mar 2007, Saeed Abu Nimeh wrote: Hi,
This is not very different from the common session riding attacks happening since ages, except the part after the "vulnerability" (changing DNS or whatever). Internal 192.168.x.y <img src=> tags have been used since years to trigger intranet CGI's and configuration stuff. The possibility to exploit this with DSL modems and alike is straight forward ;-) Nice however... Sebastian > similar to this: > http://seclists.org/bugtraq/2007/Feb/0285.html > We discovered a new potential threat that we term "Drive-by Pharming". > An attacker can create a web page containing a simple piece of malicious > JavaScript code. When the page is viewed, the code makes a login attempt > into the user's home broadband router and attempts to change its DNS > server settings (e.g., to point the user to an attacker-controlled DNS > server). Once the user's machine receives the updated DNS settings from > the router (e.g., after the machine is rebooted) future DNS request are > made to and resolved by the attacker's DNS server. > > > [EMAIL PROTECTED] wrote: > > Hi guys, > > > > I noticed a news recently.Researchers at Indiana University's Department > > of Computer Science recently released a report outlining a way hackers > > could potentially access and change the configuration routers on home > > networks. They described how some JavaScript built into a Web page could > > be used to log into the administrator account of a home router and change > > its DNS (define) settings.The Indiana University report points out that > > this attack doesn't exploit any browser vulnerability, and, more > > importantly, it seems to work with pretty much any router,rrespective of > > brand or model.Any idea how to program the javascript to modify the DNS > > configuration? > > > > Best Regards > > > > > > > > Ken > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ [EMAIL PROTECTED] - SuSE Security Team ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
