|
Full Disclosure
mailing list archives
Re: Attacking the local LAN via XSS
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Fri, 4 Aug 2006 10:36:17 +0100
you are right but not completely... :)
HTTP PORT is not possible on domain different from the current domain,
unless browser hacks is employed.
regards
On 8/4/06, Zed Qyves <zqyves.spamtrap () gmail com> wrote:
Did not attend BlackHet either however I doubt this is the attack vector.
> 2. border router vulnerable to XSS
Just as fingerprinting normal web servers, the web server used for
router HTTP management can be fingerprinted, hence the router vendor
itself. Use well known default username/password combination and few
automatic POSTS via javascript/AJAX to "hack" the router and add the
route you want.
Just a thought.
ZQ
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
pdp (architect)
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Re[2]: Attacking the local LAN via XSS, (continued)
Re: Attacking the local LAN via XSS Florian Weimer (Aug 10)
Re: Attacking the local LAN via XSS Zed Qyves (Aug 04)
- Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)
| 
Intro
