Full Disclosure mailing list archives

Re: Attacking the local LAN via XSS

From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Fri, 4 Aug 2006 12:28:29 +0300

Did not attend BlackHet either however I doubt this is the attack vector.

  2. border router vulnerable to XSS


Just as fingerprinting normal web servers, the web server used for
router HTTP management can be fingerprinted, hence the router vendor
itself. Use well known default username/password combination and few
automatic POSTS via javascript/AJAX to "hack" the router and add the
route you want.

Just a thought.

ZQ

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Attacking the local LAN via XSS, (continued)
- - Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)
- Re: Attacking the local LAN via XSS Schanulleke (Aug 04)
  - Re: Attacking the local LAN via XSS Siim Põder (Aug 04)
- Re: Attacking the local LAN via XSS Thierry Zoller (Aug 04)
  - Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)
    - Re[2]: Attacking the local LAN via XSS Thierry Zoller (Aug 04)
    - Re: Re[2]: Attacking the local LAN via XSS pdp (architect) (Aug 04)
    - Re: Attacking the local LAN via XSS Nikolay Kubarelov (Aug 07)
    - Re: Attacking the local LAN via XSS Dude VanWinkle (Aug 08)
- Re: Attacking the local LAN via XSS Florian Weimer (Aug 10)
- Re: Attacking the local LAN via XSS Zed Qyves (Aug 04)
  - Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)
    - Re: Attacking the local LAN via XSS Thor Larholm (Aug 04)
    - Re: Attacking the local LAN via XSS pdp (architect) (Aug 04)