Full Disclosure mailing list archives

Re: Attacking the local LAN via XSS


From: Georgi Guninski <guninski () guninski com>
Date: Fri, 4 Aug 2006 10:02:13 +0300

On Fri, Aug 04, 2006 at 12:35:48AM +0100, pdp (architect) wrote:
> For that purpose three prerequisites are needed:
>
>   1. page that is controlled by the attacker, let's call it evil.com
>   2. border router vulnerable to XSS

do you need javascript in all cases? unless you badly need http POST, doing
blind <img src=http://ip/cgi-bin/readmailreallyfast>, iframe src=, may have 
interesting side effects. 

-- 
where do you want bill gates to go today?

EOM

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
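
The reply above notes that a plain `<img>` or `<iframe>` tag on a page such as evil.com is enough to make a browser inside the LAN send a blind GET to a device's web interface, with no JavaScript involved. The following is an added example, not part of the original post: a server-side check that a device admin interface could apply to such requests. The path names, the address 192.168.1.1 and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical admin paths that change device state (constructed for this example).
STATE_CHANGING = {"/cgi-bin/apply", "/cgi-bin/reboot"}


def check_request(method, path, headers):
    """Return (allowed, reason) for one request to the admin interface."""
    if path not in STATE_CHANGING:
        return True, "read-only path"
    # <img src=...> and <iframe src=...> can only issue GET, so a state
    # change must never be reachable through GET.
    if method != "POST":
        return False, "state change requires POST"
    # POST alone is not enough (a cross-site form can send one), so the
    # request must also come from the device's own pages.
    site = headers.get("Sec-Fetch-Site")
    if site is not None and site != "same-origin":
        return False, "cross-site request"
    # Fallback for browsers that do not send Sec-Fetch-Site.
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return False, "missing Origin/Referer"
    if urlsplit(source).netloc != headers.get("Host", ""):
        return False, "origin does not match Host"
    return True, "same-origin POST"


# Constructed sample requests: (method, path, headers).
SAMPLES = [
    ("GET", "/cgi-bin/apply",      # blind GET from an <img> tag on evil.com
     {"Host": "192.168.1.1", "Referer": "http://evil.com/"}),
    ("POST", "/cgi-bin/apply",     # cross-site form post
     {"Host": "192.168.1.1", "Origin": "http://evil.com"}),
    ("POST", "/cgi-bin/apply",     # the admin using the device's own page
     {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}),
    ("GET", "/status.html",        # read-only page
     {"Host": "192.168.1.1"}),
]


def run_samples():
    return [check_request(m, p, h) for m, p, h in SAMPLES]


if __name__ == "__main__":
    for (m, p, _), (ok, why) in zip(SAMPLES, run_samples()):
        print(f"{m:4} {p:16} -> {'allow' if ok else 'deny'} ({why})")
```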

