Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Attacking the local LAN via XSS
From: Nikolay Kubarelov <admin () gramophon com>
Date: Tue, 8 Aug 2006 02:23:38 +0300

On Friday 04 August 2006 16:06, pdp (architect) wrote:
IMHO, if you want to do stuff on lower level, you need to think of
something else. JavaScript, Flash and Java Applets are technologies
that are designed to run on the WEB. This is why, IMHO, they are quite
good platform for performing WEB/HTTP based attacks.

OK, I'm really interested what are those login web pages with default password 
for admin:password I see all my network. I bet there are more than 10% 
routers with open http ports. 
I can attach snapshots if you buy me a beer.

The question is what where is the xss bug on major http admin panel's.

excuse my english. my bulgarian is better.

Nikolay Kubarelov
ICQ: 172892700
admin () gramophon com
+359 88 631-0-634

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]