Bugtraq mailing list archives
Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Fri, 4 Aug 2006 14:06:57 +0100
I agree with you. Sometimes routers do not have http enabled although I believe that most administrators enable this service to perform easy/remote administration tasks. However, it is quite common to find http enabled devices. :) printers, wireless printers, cameras... you name it. Attacking these devices is not that severe as attacking the border router however, if the attacker is able to misconfigure one or more of these devices some bad things can happen (DoS, etc). IMHO, if you want to do stuff on lower level, you need to think of something else. JavaScript, Flash and Java Applets are technologies that are designed to run on the WEB. This is why, IMHO, they are quite good platform for performing WEB/HTTP based attacks. cheers On 8/4/06, Thierry Zoller <Thierry () zoller lu> wrote:
Dear pdp (architect), pa> BTW, there are quite a lot cisco devices that have http open on local pa> LAN vulnerable to IOS HTTP Authorization Vulnerability. That's my point, I have done an ehaustive amount of pentest, I have never come accross a router with accessible HTTP port. Maybe that's related to the nature of the networks though. -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
-- pdp (architect) http://www.gnucitizen.org
Current thread:
- Attacking the local LAN via XSS pdp (architect) (Aug 07)
- Re: [Full-disclosure] Attacking the local LAN via XSS Schanulleke (Aug 07)
- Re: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller (Aug 07)
- Re: [Full-disclosure] Attacking the local LAN via XSS pdp (architect) (Aug 07)
- Re[2]: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller (Aug 07)
- Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS pdp (architect) (Aug 07)
- Re: [Full-disclosure] Attacking the local LAN via XSS Nikolay Kubarelov (Aug 11)
- Re: [Full-disclosure] Attacking the local LAN via XSS pdp (architect) (Aug 07)