Hi, 
Guest
Pic
Sign In

websecurity@lists.webappsec.org

The Web Security Mailing List

View all threads

CSRF Attacks on Network Devices

M
MustLive
Thu, Feb 23, 2012 9:55 PM

Hello participants of Mailing List.

In April 2011 I've published to the list my article "Attacks on unprotected
login forms"
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html).
In this article I've told you about different possible attacks on login
forms. Such attacks can be conducted on login forms of web applications,
including the control panels of network devices. And in 2011, besides
disclosing many vulnerabilities in different web applications concerned with
authentication forms, I've also disclosed many vulnerabilities in network
devices, such as routers and Wi-Fi access points.

One of the attacks on login form, which I've describe in the article - it's
CSRF attack for remote login. The attackers can use it to make sure, that
the victim is logged into the control panel for making further attacks on
different functionalities of the control panel. And during my disclosures of
vulnerabilities in network devices I showed such examples of CSRF holes in
login forms of the control panels of these devices (in my article I
mentioned that almost all network devices can be vulnerable to such CSRF,
like a lot of them are vulnerable to CSRF inside of the control panel).

And in my new article I've described this topic in details (with examples of
attacks on vulnerabilities in real network devices). So for everyone who is
interested in this topic I want to inform, that last week in the magazine
PenTest Extra 02/2012 was released my new article CSRF Attacks on Network
Devices (http://pentestmag.com/pentestextra02_2012/).

I've described two scenarios of the attacks and showed exploits for them. In
the first scenario the attacker will do part of the actions remotely and
part manually in admin panel, and in the second scenario the attacker will
do all the actions remotely.

You can download a teaser of this issue of the magazine with my article
(http://websecurity.com.ua/uploads/articles/PenTestExtra_02_2012_Teasers.pdf).
There is a fragment of the article in it and you can read full version of
the article in the magazine. I hope it will be interesting for you.

As you can see, guys and gals, starting from this year I've moved to publish
my articles in PenTest magazine, and so minimized publications of my
articles to the list ;-). It can be good for some readers of the list, but
from other side, it will be good for the readers of the magazine.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Hello participants of Mailing List. In April 2011 I've published to the list my article "Attacks on unprotected login forms" (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html). In this article I've told you about different possible attacks on login forms. Such attacks can be conducted on login forms of web applications, including the control panels of network devices. And in 2011, besides disclosing many vulnerabilities in different web applications concerned with authentication forms, I've also disclosed many vulnerabilities in network devices, such as routers and Wi-Fi access points. One of the attacks on login form, which I've describe in the article - it's CSRF attack for remote login. The attackers can use it to make sure, that the victim is logged into the control panel for making further attacks on different functionalities of the control panel. And during my disclosures of vulnerabilities in network devices I showed such examples of CSRF holes in login forms of the control panels of these devices (in my article I mentioned that almost all network devices can be vulnerable to such CSRF, like a lot of them are vulnerable to CSRF inside of the control panel). And in my new article I've described this topic in details (with examples of attacks on vulnerabilities in real network devices). So for everyone who is interested in this topic I want to inform, that last week in the magazine PenTest Extra 02/2012 was released my new article CSRF Attacks on Network Devices (http://pentestmag.com/pentestextra02_2012/). I've described two scenarios of the attacks and showed exploits for them. In the first scenario the attacker will do part of the actions remotely and part manually in admin panel, and in the second scenario the attacker will do all the actions remotely. You can download a teaser of this issue of the magazine with my article (http://websecurity.com.ua/uploads/articles/PenTestExtra_02_2012_Teasers.pdf). There is a fragment of the article in it and you can read full version of the article in the magazine. I hope it will be interesting for you. As you can see, guys and gals, starting from this year I've moved to publish my articles in PenTest magazine, and so minimized publications of my articles to the list ;-). It can be good for some readers of the list, but from other side, it will be good for the readers of the magazine. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Empathy v1.0   2024 ©Harmonylists.com