lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 8 Aug 2006 02:23:38 +0300
From: Nikolay Kubarelov <admin@...mophon.com>
To: bugtraq@...urityfocus.com
Cc: "pdp (architect)" <pdp.gnucitizen@...glemail.com>,
	"Thierry Zoller" <Thierry@...ler.lu>,
	full-disclosure@...ts.grok.org.uk, pen-test@...urityfocus.com,
	webappsec@...urityfocus.com
Subject: Re: [Full-disclosure] Attacking the local LAN via XSS

On Friday 04 August 2006 16:06, pdp (architect) wrote:
> IMHO, if you want to do stuff on lower level, you need to think of
> something else. JavaScript, Flash and Java Applets are technologies
> that are designed to run on the WEB. This is why, IMHO, they are quite
> good platform for performing WEB/HTTP based attacks.

OK, I'm really interested what are those login web pages with default password 
for admin:password I see all my network. I bet there are more than 10% 
routers with open http ports. 
I can attach snapshots if you buy me a beer.

The question is what where is the xss bug on major http admin panel's.

excuse my english. my bulgarian is better.

-- 
Nikolay Kubarelov
ICQ: 172892700
http://gramophon.com
admin@...mophon.com
+359 88 631-0-634

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ