The Hacka Man
Friday, October 5, 2007
Another hole????
Hey "big organization", need no explaination. You have been owned again. Well i am smart not to let you see the actual url string, else you will secure yourself? Still call me a script kiddie?? Think harder. Challenge me?? Why not do something to your site rather than challenging people here and there? Need to know the actual payload and url string? Call me. You are lucky i didn't use xss to portscan your internal network or cause a defacement and make you look like a fool. Respect others and respect yourself.
The Hacka Man
The Hacka Man
Subscribe to:
Post Comments (Atom)
7 comments:
How would you use client-side XSS to scan their LAN ?
No answer ?
BeEF or XSSshell...of course no response..you're a script kiddie ::(
I know those tools, but I haven't looked at them so far.
I'm curious, how XSS does port-scanning to a webservers LAN.
Didn't found a way to port-scan the webhoster's LAN.
So, how is this done ?
(Scanning a client's LAN using JS is uninteressting here.)
No answer again ?
Well, I'm still around waiting for a good answer. ;)
How would one manage to hack directly into a private LAN using an XSS-flaw on their Internet-website (Internet not Intranet). Misconfigured web servers (working like a proxy) do not require XSS. And there should be no need to trick someone on the internal LAN via e-mail (including a link to their website using the XSS-flaw in it)!
How would one do that? I really think, that there's no way.
Post a Comment