|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)
s.gottschall
dd-wrt.com
Date: Wed Dec 10 2008 - 06:22:56 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
this is no security flaw since you must be already logged in within the webinterface of dd-wrt. otherwise this here will not work. we already fixed this issue in our sourcetree
as additional information. this is no dd-wrt specific issue. all other firmware like openwrt etc. would suffer from it too.
in fact. just a plain POST to a authenticated dd-wrt session. without beeing logged in locally it would not have any effect
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]