Full Disclosure mailing list archives
Re: Attacking the local LAN via XSS
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Fri, 4 Aug 2006 10:36:17 +0100
you are right but not completely... :) HTTP PORT is not possible on domain different from the current domain, unless browser hacks is employed. regards On 8/4/06, Zed Qyves <zqyves.spamtrap () gmail com> wrote:
Did not attend BlackHet either however I doubt this is the attack vector. > 2. border router vulnerable to XSS Just as fingerprinting normal web servers, the web server used for router HTTP management can be fingerprinted, hence the router vendor itself. Use well known default username/password combination and few automatic POSTS via javascript/AJAX to "hack" the router and add the route you want. Just a thought. ZQ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- pdp (architect) http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Attacking the local LAN via XSS, (continued)
- Re: Attacking the local LAN via XSS Schanulleke (Aug 04)
- Re: Attacking the local LAN via XSS Siim Põder (Aug 04)
- Re: Attacking the local LAN via XSS Thierry Zoller (Aug 04)
- Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)
- Re[2]: Attacking the local LAN via XSS Thierry Zoller (Aug 04)
- Re: Re[2]: Attacking the local LAN via XSS pdp (architect) (Aug 04)
- Re: Attacking the local LAN via XSS Nikolay Kubarelov (Aug 07)
- Re: Attacking the local LAN via XSS Dude VanWinkle (Aug 08)
- Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)
- Re: Attacking the local LAN via XSS Schanulleke (Aug 04)
- Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)
- Re: Attacking the local LAN via XSS Thor Larholm (Aug 04)
- Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)