| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200608080223.38685.admin@gramophon.com> Date: Tue, 8 Aug 2006 02:23:38 +0300 From: Nikolay Kubarelov <admin@...mophon.com> To: bugtraq@...urityfocus.com Cc: "pdp (architect)" <pdp.gnucitizen@...glemail.com>, "Thierry Zoller" <Thierry@...ler.lu>, full-disclosure@...ts.grok.org.uk, pen-test@...urityfocus.com, webappsec@...urityfocus.com Subject: Re: [Full-disclosure] Attacking the local LAN via XSS On Friday 04 August 2006 16:06, pdp (architect) wrote: > IMHO, if you want to do stuff on lower level, you need to think of > something else. JavaScript, Flash and Java Applets are technologies > that are designed to run on the WEB. This is why, IMHO, they are quite > good platform for performing WEB/HTTP based attacks. OK, I'm really interested what are those login web pages with default password for admin:password I see all my network. I bet there are more than 10% routers with open http ports. I can attach snapshots if you buy me a beer. The question is what where is the xss bug on major http admin panel's. excuse my english. my bulgarian is better. -- Nikolay Kubarelov ICQ: 172892700 http://gramophon.com admin@...mophon.com +359 88 631-0-634
Powered by blists - more mailing lists