[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Attacking the local LAN via XSS

To: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Attacking the local LAN via XSS
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
Date: Fri, 4 Aug 2006 10:02:13 +0300

On Fri, Aug 04, 2006 at 12:35:48AM +0100, pdp (architect) wrote:
> For that purpose three prerequisites are needed:
> 
>   1. page that is controlled by the attacker, lets call it evil.com
>   2. border router vulnerable to XSS

do you need javascript in all cases? unless you badly need http POST, doing
blind <img src=http://ip/cgi-bin/readmailreallyfast>, iframe src=, may have 
interesting side effects. 

-- 
where do you want bill gates to go today?

EOM

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Attacking the local LAN via XSS
  - From: pdp (architect)

References:
- [Full-disclosure] Attacking the local LAN via XSS
  - From: pdp (architect)

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution
Next by Date: Re: [Full-disclosure] Attacking the local LAN via XSS
Previous by thread: Re: [Full-disclosure] Attacking the local LAN via XSS
Next by thread: Re: [Full-disclosure] Attacking the local LAN via XSS
Index(es):
- Date
- Thread