- Many (most) routers use UPnP for configuration, which uses SOAP over HTTP.
- Despite there being an autodiscovery phase to UPnP that involves non-HTTP packets, you can guess a router's IP anyway and you don't need to do autodiscovery to run commands.
- Flash lets you set arbitrary HTTP headers and POST to arbitrary hosts. This is standard XSRF -- the POSTing could be done with DHTML, so Flash is just needed to set the SOAP header.
- Therefore, malicious Flash can run port-opening commands on your router.
upnp/flash vulnerability
-
blog moved
As described elsewhere, I've quit LiveJournal. If you're interested in my continuing posts, you should look at one of these (each contains feed…
-
dremel
They published a paper on Dremel, my favorite previously-unpublished tool from the Google toolchest. Greg Linden discusses it: "[...] it is capable…
-
treemaps
I finally wrote up my recent adventures in treemapping, complete with nifty clickable visualizations.
- Post a new comment
- 6 comments
- Post a new comment
- 6 comments