Network Security: Detailed info on Re: [Full-disclosure] Attacking the local LAN via XSS

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: [Full-disclosure] Attacking the local LAN via XSS

from [Nikolay Kubarelov] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] Attacking the local LAN via XSS
Date:	Tue, 8 Aug 2006 02:23:38 +0300

On Friday 04 August 2006 16:06, pdp (architect) wrote:

IMHO, if you want to do stuff on lower level, you need to think of
something else. JavaScript, Flash and Java Applets are technologies
that are designed to run on the WEB. This is why, IMHO, they are quite
good platform for performing WEB/HTTP based attacks.


OK, I'm really interested what are those login web pages with default password 
for admin:password I see all my network. I bet there are more than 10% 
routers with open http ports. 
I can attach snapshots if you buy me a beer.

The question is what where is the xss bug on major http admin panel's.

excuse my english. my bulgarian is better.

-- 
Nikolay Kubarelov
ICQ: 172892700
http://gramophon.com
admin@gramophon.com
+359 88 631-0-634

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Attacking the local LAN via XSS, pdp (architect) Re: [Full-disclosure] Attacking the local LAN via XSS, Schanulleke Re: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller Re: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect) Re[2]: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect) Re: [Full-disclosure] Attacking the local LAN via XSS, Nikolay Kubarelov <= Re: [Full-disclosure] Attacking the local LAN via XSS, Dude VanWinkle

Previous by Date:	ARES 2007: Call for workshop proposals, deadline Sept 10, 2006, Manh Tho
Next by Date:	Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs
Previous by Thread:	Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect)
Next by Thread:	Re: [Full-disclosure] Attacking the local LAN via XSS, Dude VanWinkle
Indexes:	[Date] [Thread] [Top] [All Lists]