mailing list archives
Re: Attacking the local LAN via XSS
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 10 Aug 2006 16:39:45 +0200
1. page that is controlled by the attacker, lets call it evil.com
2. border router vulnerable to XSS
3. user attending evil.com
This has nothing to do with cross-site scripting attacks, it's an
entirely different vulnerability class called cross-site request
forgery (CSRF). A lot of web applications are afffected.
Technically, this is a browser vulnerability, but you can't fix it
there as cross-site requests are too common in the real world.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Attacking the local LAN via XSS Florian Weimer (Aug 10)
Re: Attacking the local LAN via XSS Zed Qyves (Aug 04)
- Re: Attacking the local LAN via XSS, (continued)