[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Firefox CSS flaws

From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Firefox CSS flaws
Date: Sat, 25 Aug 2007 12:23:11 -0700

On 8/24/07, gaz_sec@xxxxxxxxxxxx <gaz_sec@xxxxxxxxxxxx> wrote:
> I've written a CSS LAN scanner in pure CSS without Javascript. It
> is possible to scan local addresses, store the result or even check
> any url has been visited all without javascript!
>
> http://www.businessinfo.co.uk/labs/css_lan_scan/css_lan_scanner.php
>
> Scary stuff

Didn't work for me, though from looking at the HTML I think it might
work in some LANs.

You seem to be relying on default IP addresses as a way of
fingerprinting routers.  Any more to it than that?

Cheers,
Brian

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] Firefox CSS flaws
  - From: Michael Vergoz

References:
- [WEB SECURITY] Firefox CSS flaws
  - From: gaz_sec

Prev by Date: [WEB SECURITY] Firefox CSS flaws
Next by Date: [WEB SECURITY] Intrusion Detection with Heterogenous Sensors
Previous by thread: [WEB SECURITY] Firefox CSS flaws
Next by thread: Re: [WEB SECURITY] Firefox CSS flaws
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site