BugTraq
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Dec 10 2008 12:22PM s gottschall dd-wrt com (3 replies)
Re[2]: Multiple XSRF in DD-WRT (Remote Root Command Execution) Dec 11 2008 09:55AM Vladimir '3APA3A' Dubrovin (3APA3A SECURITY NNOV RU)
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Dec 10 2008 11:51PM David E. Thiel (lx redundancy redundancy org)

> in fact. just a plain POST to an authenticated dd-wrt session. without
> being logged in locally it would not have any effect
That's exactly the problem, as this POST can be triggered from a third-party
webpage via javascript.
You are familiar with Cross Site Request Forgery attacks? Wikipedia gives some
good introduction:
http://en.wikipedia.org/wiki/CSRF
All forms in web applications that make changes requiring authentication need
some extra protection to prevent CSRF. Usually this is done with a random
token, which may be created from a random session value stored on the
application side combined with an id of the form. This has to be checked
before any action is executed.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: hanno (at) hboeck (dot) de [email concealed]
http://www.jukss.de/ Jugendumweltkongress, 27.12.-4.1.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEABECAAYFAklAVAMACgkQr2QksT29OyCdEACeIk/TOGySA+gImzHxe9iuDfqN
z9MAoJl1Kh3hYKtL82TNUbGlTZvprVGu
=M4L+
-----END PGP SIGNATURE-----
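The token scheme Hanno describes, worked through as an added example (it is not code from the thread, and not DD-WRT's httpd): a per-session random secret, a per-form token derived from it, and a server-side check before any state is touched. The router application, the form name `enable_remote_ssh`, the config field and the "forged cross-site POST" are all constructed for the illustration; the point it shows is that the victim's browser attaches the session cookie to a POST from any origin, but a third-party page cannot read the token, so the unprotected handler applies the forged change while the protected one refuses it.

```python
"""Toy model of CSRF token protection for an authenticated router web UI.
Added illustration, not DD-WRT code; the app, form id, config field and
the forged request below are constructed for the example."""
import hashlib
import hmac
import secrets


class RouterAdminApp:
    """Hypothetical stand-in for an authenticated admin UI (not DD-WRT's httpd)."""

    def __init__(self):
        # session cookie value -> random per-session secret used to derive form tokens
        self.sessions = {}
        # the state a successful POST changes (constructed example setting)
        self.config = {"remote_ssh": "disabled"}

    def login(self):
        """Create a session; the returned value is what the browser stores as a cookie."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = secrets.token_bytes(32)
        return sid

    def render_form(self, sid, form_id):
        """Token the UI embeds in the form as a hidden field:
        HMAC(session secret, form id).  Only a page served inside this session
        can read it; a page on another origin cannot (same-origin policy)."""
        return hmac.new(self.sessions[sid], form_id.encode(), hashlib.sha256).hexdigest()

    def _session_of(self, cookies):
        sid = cookies.get("session")
        return sid if sid in self.sessions else None

    def post_unprotected(self, cookies, form_id, fields):
        """The flaw under discussion: a valid session cookie is the only check,
        and the browser sends that cookie with a POST from any origin."""
        if self._session_of(cookies) is None:
            return 401
        self.config.update(fields)
        return 200

    def post_protected(self, cookies, form_id, fields):
        """Hardened handler: verify the per-form token before touching any state."""
        sid = self._session_of(cookies)
        if sid is None:
            return 401
        expected = self.render_form(sid, form_id)
        supplied = fields.get("csrf_token", "")
        # constant-time comparison so a wrong token leaks nothing via timing
        if not hmac.compare_digest(supplied, expected):
            return 403
        self.config.update({k: v for k, v in fields.items() if k != "csrf_token"})
        return 200


def demo():
    """Replay the attack against both handlers; returns the status codes seen."""
    app = RouterAdminApp()
    victim = {"session": app.login()}     # the admin's browser holds this cookie
    attacker = {"session": app.login()}   # attacker may have a session of their own
    form = "enable_remote_ssh"
    change = {"remote_ssh": "enabled"}
    results = {}

    # Forged cross-site POST: the cookie rides along automatically, no token.
    results["unprotected_forged"] = app.post_unprotected(victim, form, dict(change))
    results["unprotected_state"] = app.config["remote_ssh"]
    app.config["remote_ssh"] = "disabled"  # reset before trying the hardened handler

    # Same forged POST against the protected handler: no token -> rejected.
    results["protected_forged"] = app.post_protected(victim, form, dict(change))
    # A token from the attacker's own session is bound to a different secret.
    foreign = app.render_form(attacker["session"], form)
    results["protected_foreign_token"] = app.post_protected(victim, form, dict(change, csrf_token=foreign))
    # A genuine token for another form does not transfer to this one.
    other = app.render_form(victim["session"], "reboot")
    results["protected_wrong_form"] = app.post_protected(victim, form, dict(change, csrf_token=other))
    # No session at all.
    results["no_cookie"] = app.post_protected({}, form, dict(change))
    results["state_before_legit"] = app.config["remote_ssh"]

    # Legitimate submit from the UI page, which carries the right token.
    good = app.render_form(victim["session"], form)
    results["protected_legit"] = app.post_protected(victim, form, dict(change, csrf_token=good))
    results["state_after_legit"] = app.config["remote_ssh"]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The token is derived per form with an HMAC rather than stored per form, so the server keeps only one secret per session and still gets a value that is bound to that session and that form; a token that leaks from one form or one session is useless for another.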