|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Attacking the local LAN via XSS
From: Florian Weimer (fw
deneb.enyo.de)
Date: Thu Aug 10 2006 - 09:39:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
* pdp:
> 1. page that is controlled by the attacker, lets call it evil.com
> 2. border router vulnerable to XSS
> 3. user attending evil.com
This has nothing to do with cross-site scripting attacks, it's an
entirely different vulnerability class called cross-site request
forgery (CSRF). A lot of web applications are afffected.
Technically, this is a browser vulnerability, but you can't fix it
there as cross-site requests are too common in the real world.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]