WebApp Sec mailing list archives

Re: [Full-disclosure] Attacking the local LAN via XSS


From: Nikolay Kubarelov <admin () gramophon com>
Date: Tue, 8 Aug 2006 02:23:38 +0300

On Friday 04 August 2006 16:06, pdp (architect) wrote:
> IMHO, if you want to do stuff on lower level, you need to think of
> something else. JavaScript, Flash and Java Applets are technologies
> that are designed to run on the WEB. This is why, IMHO, they are quite
> a good platform for performing WEB/HTTP based attacks.

OK, I'm really interested in what those login web pages with the default
password admin:password are that I see all over my network. I bet there are
more than 10% of routers with open HTTP ports.
I can attach snapshots if you buy me a beer.

The question is where the XSS bug is on the major HTTP admin panels.

Excuse my English. My Bulgarian is better.

-- 
Nikolay Kubarelov
ICQ: 172892700
http://gramophon.com
admin () gramophon com
+359 88 631-0-634
