http://www.gnucitizen.org/blog/xssing-the-lan/ Information Security Think Tank Sat, 02 Feb 2013 17:50:40 +0000 hourly 1 http://wordpress.org/?v=3.4.1 http://www.gnucitizen.org/blog/xssing-the-lan/comment-page-1/#comment-33144 Ad-Jacking - XSSing for Fun and Profit | GNUCITIZEN Sun, 01 Jul 2007 08:24:49 +0000 http://www.gnucitizen.org/PHP-INF/wordpress/?p=32#comment-33144 [...] XSSing the LAN 1 - introduction to Intranet hacking via browser insecurities [...] [...] XSSing the LAN 1 – introduction to Intranet hacking via browser insecurities [...]

]]> http://www.gnucitizen.org/blog/xssing-the-lan/comment-page-1/#comment-5719 GNUCITIZEN » XSSing the Lan 4 Fri, 02 Mar 2007 11:16:22 +0000 http://www.gnucitizen.org/PHP-INF/wordpress/?p=32#comment-5719 [...] In my previous posts I mentioned that in order to perform advance attacks the malicious script needs to implement the XMLHttpRequest object. I also mentioned that this can be achieved with Flash and Java as well, however none of the methods are perfect, since the browser implements cross domain scripting restrictions which disallow client scripts to perform operations on resources outside of their domain. One way to bypass this restriction is to exploit a XSS hole on the targeted domain and as such bypass the same origin policy. [...] [...] In my previous posts I mentioned that in order to perform advance attacks the malicious script needs to implement the XMLHttpRequest object. I also mentioned that this can be achieved with Flash and Java as well, however none of the methods are perfect, since the browser implements cross domain scripting restrictions which disallow client scripts to perform operations on resources outside of their domain. One way to bypass this restriction is to exploit a XSS hole on the targeted domain and as such bypass the same origin policy. [...]

]]> http://www.gnucitizen.org/blog/xssing-the-lan/comment-page-1/#comment-5716 GNUCITIZEN » XSSing the Lan 3 (trojans) Fri, 02 Mar 2007 10:22:50 +0000 http://www.gnucitizen.org/PHP-INF/wordpress/?p=32#comment-5716 [...] In my previous posts I mentioned that in order to compromise a LAN device from the web, the attacker needs to exploit a XSS vulnerability in the device firmware. The limitations of this kind of attack are quite obvious. Let’s have a look at the exploitation process again. [...] [...] In my previous posts I mentioned that in order to compromise a LAN device from the web, the attacker needs to exploit a XSS vulnerability in the device firmware. The limitations of this kind of attack are quite obvious. Let’s have a look at the exploitation process again. [...]

]]> http://www.gnucitizen.org/blog/xssing-the-lan/comment-page-1/#comment-32 ha.ckers.org web application security lab - Archive » XSS Fiction Tue, 05 Sep 2006 15:33:35 +0000 http://www.gnucitizen.org/PHP-INF/wordpress/?p=32#comment-32 [...] I saw a post this morning point to a fiction story over at Michael Daw’s website about how XSS can be used to steal national secrets. It’s based loosely off of the concepts that Jeremiah built and it references pdp (architect)’s paper on XSSing the Lan. Basically this is just a sensationalist outlook of what is possible, but it’s still an interesting narrative. [...] [...] I saw a post this morning point to a fiction story over at Michael Daw’s website about how XSS can be used to steal national secrets. It’s based loosely off of the concepts that Jeremiah built and it references pdp (architect)’s paper on XSSing the Lan. Basically this is just a sensationalist outlook of what is possible, but it’s still an interesting narrative. [...]

]]>