| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6905b1570608040236o6847cd45n86112ec2eb400520@mail.gmail.com> Date: Fri, 4 Aug 2006 10:36:17 +0100 From: "pdp (architect)" <pdp.gnucitizen@...glemail.com> To: "Zed Qyves" <zqyves.spamtrap@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Attacking the local LAN via XSS you are right but not completely... :) HTTP PORT is not possible on domain different from the current domain, unless browser hacks is employed. regards On 8/4/06, Zed Qyves <zqyves.spamtrap@...il.com> wrote: > Did not attend BlackHet either however I doubt this is the attack vector. > > > 2. border router vulnerable to XSS > > Just as fingerprinting normal web servers, the web server used for > router HTTP management can be fingerprinted, hence the router vendor > itself. Use well known default username/password combination and few > automatic POSTS via javascript/AJAX to "hack" the router and add the > route you want. > > Just a thought. > > ZQ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- pdp (architect) http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists