Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Attacking the local LAN via XSS
From: vile <vileone () gmail com>
Date: Wed, 18 Oct 2006 13:50:08 -0500

holy shit! you all are the biggest faggots i've ever seen!

On 8/10/06, Florian Weimer <fw () deneb enyo de> wrote:

* pdp:

>   1. page that is controlled by the attacker, lets call it evil.com
>   2. border router vulnerable to XSS
>   3. user attending evil.com

This has nothing to do with cross-site scripting attacks, it's an
entirely different vulnerability class called cross-site request
forgery (CSRF).  A lot of web applications are afffected.

Technically, this is a browser vulnerability, but you can't fix it
there as cross-site requests are too common in the real world.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Re: Attacking the local LAN via XSS vile (Oct 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]