Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] Attacking the local LAN via XSS
From: Florian Weimer (fwdeneb.enyo.de)
Date: Thu Aug 10 2006 - 09:39:45 CDT
> 1. page that is controlled by the attacker, lets call it evil.com
> 2. border router vulnerable to XSS
> 3. user attending evil.com
This has nothing to do with cross-site scripting attacks, it's an
entirely different vulnerability class called cross-site request
forgery (CSRF). A lot of web applications are afffected.
Technically, this is a browser vulnerability, but you can't fix it
there as cross-site requests are too common in the real world.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/