Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Newest hacks
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 21 Mar 2007 10:08:48 +0100 (CET)

On Wed, 21 Mar 2007, Saeed Abu Nimeh wrote:

Hi,

This is not very different from the common session riding attacks
happening since ages, except the part after the "vulnerability"
(changing DNS or whatever).
Internal 192.168.x.y <img src=> tags have been used since years to trigger
intranet CGI's and configuration stuff. The possibility to exploit this
with DSL modems and alike is straight forward ;-)
Nice however...

Sebastian

similar to this:
http://seclists.org/bugtraq/2007/Feb/0285.html
We discovered a new potential threat that we term "Drive-by Pharming".
An attacker can create a web page containing a simple piece of malicious
JavaScript code. When the page is viewed, the code makes a login attempt
into the user's home broadband router and attempts to change its DNS
server settings (e.g., to point the user to an attacker-controlled DNS
server). Once the user's machine receives the updated DNS settings from
the router (e.g., after the machine is rebooted) future DNS request are
made to and resolved by the attacker's DNS server.


wangkaig () lenovo com wrote:
Hi guys,

I noticed a news recently.Researchers at Indiana University's Department 
of Computer Science recently released a report outlining a way hackers 
could potentially access and change the configuration routers on home 
networks. They described how some JavaScript built into a Web page could 
be used to log into the administrator account of a home router and change 
its DNS (define) settings.The Indiana University report points out that 
this attack doesn't exploit any browser vulnerability, and, more 
importantly, it seems to work with pretty much any router,rrespective of 
brand or model.Any idea how to program the javascript to modify the DNS 
configuration? 

Best Regards 



Ken







------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault