> | Isn't your exploit somewhat complicated? Just put
> |
> | <img
> src="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/>
> |
> | on a web page, and trick the victim to visit it while he or she is
> | logged into the Cisco router at 192.0.2.1 over HTTP. This has been
> | dubbed "Cross-Site Request Forgery" a couple of years ago, but the
> | authors of RFC 2109 were already aware of it in 1997.

With an swf file using php one wouldn't need to trick someone entirely,
just hope they don't have a pop up blocker

http://www.infiltrated.net/nojava.pimp

--
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E

0? *?H?÷

 ?0?

10 +0? *?H?÷


 ?0??0?r 
'ôêôz?Än»n©0
 *?H?÷


0o10 USE10U
AddTrust AB1&0$UAddTrust External TTP Network1"0 UAddTrust External CA Root0
050607080910Z
200530104838Z0®10 UUS10 UUT10USalt Lake City10U
The USERTRUST Network1!0Uhttp://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0?
"0
 *?H?÷



?
0?

?

²9?¤ò}«A;bF7®ÍÁ`u¼9eùJG¢¹ÌHÌj?ÕM5¹¤BåÎIâ?/|Ò1ÇN´?d.)Õ¢dÄ?½?Q5y¤
Nh{z¤?¨ò?ò?Ìɤ2?»O0½? ?ån¢Fúx¼¢o«Y^¥/ÏÊÚmª/묡³jª·.g5?yái?âæFÍ ¥ê¾Îv:z?êüÚ'[=s"æHaÆ
Lói±¨.¶Ô1 ,¼???¤¥×?CüZ¯q×YÚº?
¯úóáÂð¤Åg?ÖÖT:Þ
¤ºw³eÈýÓtbªÊh?¡?~õGeËøMW(tÒ4ÿ0¶îöb0?,ë

£á0Þ0U#0?­½?z4´
&÷úÄ&Tï½à$ËT0U??g}ĝ&pK´PH|Þ=®n}0U

ÿ
0U

ÿ
0

ÿ0{Ut0r08 6 4?2http://crl.comodoca.com/AddTrustExternalCARoot.c
rl06 4 2?0http://crl.comodo.net/AddTrustExternalCARoot.crl0
 *?H?÷


?

Ø?o(¬¦¢ç?Á?Û~¡ýóâð
©?TBk? Ä mא?fyCqüøo¯ÛvEâ7=ÝäYx¬ô?FózÏ[?r-åFÁº)óËIy?<ºm¤mhO­r6¨¹±ý¿Ï
ð¤j?5PÏmU±ÝY0Jßm ?dI|ï6»ôãiôø9Z­K?:·íÓÏ
D¢û¿ä/p?%ûZT³Ðļmûs2,é??$-Ö?zhP?MéÌõ»gèÜ.;üNÍþ?ã¨
¥&DeéòMR§®Ü>Êk2\Alþõ] êÿÑú??Xm=?Gåþ.?ÂÌ?¡ò»0?;0?# 
Çê
æ¦yâ²?ó
ójWÀ0
 *?H?÷


0®10 UUS10 UUT10USalt Lake City10U
The USERTRUST Network1!0Uhttp://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0
071009000000Z
081008235959Z0Ù1503U,Comodo Trust Network - PERSONA NOT VALIDATED1F0DU=Terms and Conditions of use: http://www.comodo.net/repository10U(c)2003 Comodo Limited10U
J. Oquendo1"0  *?H?÷


sil (at) infiltrated (dot) net0 [email concealed]?
"0
 *?H?÷



?
0?

?

¼Î?ÁL{ÐocÂùfÄ5j?¼lRë*ZpâA5&ØÇ*z??¤u?¤d_±mAV,p!2
Ã1àE]£ O,'ÈÖd©µØå¹A!ñj?+*n»X®6᳦T¯VMk?Wm­»[Y¥í+a¥KÍv§Ë̽~,/rVÁ*?µ?L¬þëäl¾
??¹Ú¡|´,³fyýQÅá.Z±<?âêgöÎË_?- =´Ú?}×D?1?_°¼S?ª¦3Q
¹¸«Æ£Í?iWOÕáXæ?¹«8æíÙ`¼§õ#Fæ?µé;.|.ÎOR`?tH?

£?%0?!0U
#0???g}ĝ&pK´PH|Þ=®n}0UÏN#ÍÙ?jÉË/º:Ã?ðd]x0U

ÿ
 0U

ÿ00 U%0+
+

²1
0 `?H
?øB

 0FU ?0=0;+

²1



0+0)+

https://secure.comodo.net/CPS0¥U0?0
L J H?Fhttp://crl.comodoca.com/UTN-USERFirst-ClientAuthenticationandEmai
l.crl0J H F?Dhttp://crl.comodo.net/UTN-USERFirst-ClientAuthenticationand
Email.crl0|+


p0n06+
0?*http://crt.comodoca.com/UTNAAACli
entCA.crt04+
0?(http://crt.comodo.net/UTNAAAClientCA.crt0U
0sil (at) infiltrated (dot) net0 [email concealed]
 *?H?÷


?

¿¦ÃÆ3GL§7
x4?ÞõE"`¡Èw?R!gµE]nËÙLíh¹uOÒö%?Ùdâ??ÚJ¼(WnZ?·×Naëù+1( qiÔªE
ûOµ <a( k?á¢loq[éô?uZ´gÊ˳ -0ïZÅÛZ$HQØ<??ÐæêaMiB?,P½ fu©ZðØë­aùv%IÀ8???¤_AÀ@_Õõãè(
ÿqÁ#mñÔ¯?÷,!?"¡??®é£2rañgúf Ö>ú??.R=Äi~ëä¤V#?ÉTpc꣰$ ??taupNt¬& ïfÎh??rZøÌ ?0?;0?# 
Çê
æ¦yâ²?óójWÀ0
 *?H?÷


0®10 UUS10 UUT10USalt Lake City10U
The USERTRUST Network1!0Uhttp://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0
071009000000Z
081008235959Z0Ù1503U,Comodo Trust Network - PERSONA NOT VALIDATED1F0DU=Terms and Conditions of use: http://www.comodo.net/repository10U(c)2003 Comodo Limited10U
J. Oquendo1"0  *?H?÷


sil (at) infiltrated (dot) net0 [email concealed]?
"0
 *?H?÷



?
0?

?

¼Î?ÁL{ÐocÂùfÄ5j?¼lRë*ZpâA5&ØÇ*z??¤u?¤d_±mAV,p!2
Ã1àE]£ O,'ÈÖd©µØå¹A!ñj?+*n»X®6᳦T¯VMk?Wm­»[Y¥í+a¥KÍv§Ë̽~,/rVÁ*?µ?L¬þëäl¾
??¹Ú¡|´,³fyýQÅá.Z±<?âêgöÎË_?- =´Ú?}×D?1?_°¼S?ª¦3Q
¹¸«Æ£Í?iWOÕáXæ?¹«8æíÙ`¼§õ#Fæ?µé;.|.ÎOR`?tH?

£?%0?!0U
#0???g}ĝ&pK´PH|Þ=®n}0UÏN#ÍÙ?jÉË/º:Ã?ðd]x0U

ÿ
 0U

ÿ00 U%0+
+

²1
0 `?H
?øB

 0FU ?0=0;+

²1



0+0)+

https://secure.comodo.net/CPS0¥U0?0
L J H?Fhttp://crl.comodoca.com/UTN-USERFirst-ClientAuthenticationandEmai
l.crl0J H F?Dhttp://crl.comodo.net/UTN-USERFirst-ClientAuthenticationand
Email.crl0|+


p0n06+
0?*http://crt.comodoca.com/UTNAAACli
entCA.crt04+
0?(http://crt.comodo.net/UTNAAAClientCA.crt0U
0sil (at) infiltrated (dot) net0 [email concealed]
 *?H?÷


?

¿¦ÃÆ3GL§7
x4?ÞõE"`¡Èw?R!gµE]nËÙLíh¹uOÒö%?Ùdâ??ÚJ¼(WnZ?·×Naëù+1( qiÔªE
ûOµ <a( k?á¢loq[éô?uZ´gÊ˳ -0ïZÅÛZ$HQØ<??ÐæêaMiB?,P½ fu©ZðØë­aùv%IÀ8???¤_AÀ@_Õõãè(
ÿqÁ#mñÔ¯?÷,!?"¡??®é£2rañgúf Ö>ú??.R=Äi~ëä¤V#?ÉTpc꣰$ ??taupNt¬& ïfÎh??rZøÌ ?1?S0?O

0Ä0®10 UUS10 UUT10USalt Lake City10U
The USERTRUST Network1!0Uhttp://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and EmailÇê
æ¦yâ²?óójWÀ0 + ?c0 *?H?÷

1 *?H?÷


0 *?H?÷

1
080114173141Z0# *?H?÷

1?³óüí?7¢éi+??_Û0Èì0R *?H?÷

1E0C0
*?H?÷
0*?H?÷
?0
*?H?÷

@0+0
*?H?÷

(0Õ +

?71Ç0Ä0®10 UUS10 UUT10USalt Lake City10U
The USERTRUST Network1!0Uhttp://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and EmailÇê
æ¦yâ²?óójWÀ0×*?H?÷

1Ç Ä0®10 UUS10 UUT10USalt Lake City10U
The USERTRUST Network1!0Uhttp://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and EmailÇê
æ¦yâ²?óójWÀ0
 *?H?÷



?
¥MùVá¾BB?)Éa?0·?O)?spnû
Âs#xtû:d?ÿM`?ðºlý_})Z:à?ÁÑyè?|=??m1buf¢Ã/ãtM×ܨ?tDR¸¼?r´<¢\;0cÚ??
¦>ð6á)µìB\1ß?cR+f|¼WÓ¹u£ª?B?ª?óìvI>´?d3?Ïf+ÅýæH¤·åþ??ØFõ¥ÔN¯?©?ËåÐ
FפÚ7ù.CüQA?oH@ãݱr'Ev8DüD9ß[sþÉQ2ñnÇJãñüh6hÞ~¨?TÏ\Þ^¹É8V?j
&~©ûXzFÉ©jÃ

[ reply ]