Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Attacking the local LAN via XSS
From: Georgi Guninski <guninski () guninski com>
Date: Fri, 4 Aug 2006 10:02:13 +0300

On Fri, Aug 04, 2006 at 12:35:48AM +0100, pdp (architect) wrote:
For that purpose three prerequisites are needed:

  1. page that is controlled by the attacker, lets call it evil.com
  2. border router vulnerable to XSS

do you need javascript in all cases? unless you badly need http POST, doing
blind <img src=http://ip/cgi-bin/readmailreallyfast>, iframe src=, may have 
interesting side effects. 

-- 
where do you want bill gates to go today?

EOM











_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]