Re: [Full-disclosure] Attacking the local LAN via XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Attacking the local LAN via XSS
From: Nikolay Kubarelov <admin@xxxxxxxxxxxxx>
Date: Tue, 8 Aug 2006 02:23:38 +0300
Cc: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>, "Thierry Zoller" <Thierry@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx, pen-test@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx
In-reply-to: <6905b1570608040606s2f776705s403ef8d14572a3f@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: gramophon.com
References: <6905b1570608031635s3c4396denbe061ffae0ef0617@xxxxxxxxxxxxxx> <794729335.20060804141140@xxxxxxxxx> <6905b1570608040606s2f776705s403ef8d14572a3f@xxxxxxxxxxxxxx>
User-agent: KMail/1.9.3

On Friday 04 August 2006 16:06, pdp (architect) wrote:
> IMHO, if you want to do stuff on lower level, you need to think of
> something else. JavaScript, Flash and Java Applets are technologies
> that are designed to run on the WEB. This is why, IMHO, they are quite
> good platform for performing WEB/HTTP based attacks.

OK, I'm really interested what are those login web pages with default password 
for admin:password I see all my network. I bet there are more than 10% 
routers with open http ports. 
I can attach snapshots if you buy me a beer.

The question is what where is the xss bug on major http admin panel's.

excuse my english. my bulgarian is better.

-- 
Nikolay Kubarelov
ICQ: 172892700
http://gramophon.com
admin@xxxxxxxxxxxxx
+359 88 631-0-634

References:
- Attacking the local LAN via XSS
  - From: pdp (architect)
- Re[2]: [Full-disclosure] Attacking the local LAN via XSS
  - From: Thierry Zoller
- Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
  - From: pdp (architect)

Prev by Date: Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
Next by Date: Re: linksys WRT54g authentication bypass
Previous by thread: Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
Next by thread: AUTODAFE: an Act of Software Torture [FUZZER]
Index(es):
- Date
- Thread