[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Attacking the local LAN via XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Attacking the local LAN via XSS
From: Nikolay Kubarelov <admin@xxxxxxxxxxxxx>
Date: Tue, 8 Aug 2006 02:23:38 +0300

On Friday 04 August 2006 16:06, pdp (architect) wrote:
> IMHO, if you want to do stuff on lower level, you need to think of
> something else. JavaScript, Flash and Java Applets are technologies
> that are designed to run on the WEB. This is why, IMHO, they are quite
> good platform for performing WEB/HTTP based attacks.

OK, I'm really interested what are those login web pages with default password 
for admin:password I see all my network. I bet there are more than 10% 
routers with open http ports. 
I can attach snapshots if you buy me a beer.

The question is what where is the xss bug on major http admin panel's.

excuse my english. my bulgarian is better.

-- 
Nikolay Kubarelov
ICQ: 172892700
http://gramophon.com
admin@xxxxxxxxxxxxx
+359 88 631-0-634

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Attacking the local LAN via XSS
  - From: Dude VanWinkle

References:
- [Full-disclosure] Attacking the local LAN via XSS
  - From: pdp (architect)
- Re[2]: [Full-disclosure] Attacking the local LAN via XSS
  - From: Thierry Zoller
- Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
  - From: pdp (architect)

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities
Next by Date: [Full-disclosure] Re: when will AV vendors fix this???
Previous by thread: Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
Next by thread: Re: [Full-disclosure] Attacking the local LAN via XSS
Index(es):
- Date
- Thread