Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Attacking the local LAN via XSS
From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Fri, 4 Aug 2006 12:28:29 +0300

Did not attend BlackHet either however I doubt this is the attack vector.

  2. border router vulnerable to XSS

Just as fingerprinting normal web servers, the web server used for
router HTTP management can be fingerprinted, hence the router vendor
itself. Use well known default username/password combination and few
automatic POSTS via javascript/AJAX to "hack" the router and add the
route you want.

Just a thought.

ZQ

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault