Full Disclosure: Re: Attacking the local LAN via XSS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Attacking the local LAN via XSS

From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Fri, 4 Aug 2006 12:28:29 +0300

Did not attend BlackHet either however I doubt this is the attack vector.

  2. border router vulnerable to XSS


Just as fingerprinting normal web servers, the web server used for
router HTTP management can be fingerprinted, hence the router vendor
itself. Use well known default username/password combination and few
automatic POSTS via javascript/AJAX to "hack" the router and add the
route you want.

Just a thought.

ZQ

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re[2]: Attacking the local LAN via XSS, (continued)
- Re: Attacking the local LAN via XSS Florian Weimer (Aug 10)
- Re: Attacking the local LAN via XSS Zed Qyves (Aug 04)
  - Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)
    - Re: Attacking the local LAN via XSS Thor Larholm (Aug 04)
    - Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)