[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Firefox CSS flaws

From: <gaz_sec@xxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] Firefox CSS flaws
Date: Mon, 27 Aug 2007 11:20:19 +0100

Yes at the moment the default IP is used so it is limited to the 
amount of IP's stored but it would be possible to fingerprint the 
routers by the manufacturer if the router's DNS name was used 
instead.

Cheers

Gareth

On Sat, 25 Aug 2007 20:23:11 +0100 Brian Eaton 
<eaton.lists@xxxxxxxxx> wrote:
>On 8/24/07, gaz_sec@xxxxxxxxxxxx <gaz_sec@xxxxxxxxxxxx> wrote:
>> I've written a CSS LAN scanner in pure CSS without Javascript. 
>It
>> is possible to scan local addresses, store the result or even 
>check
>> any url has been visited all without javascript!
>>
>> 
>http://www.businessinfo.co.uk/labs/css_lan_scan/css_lan_scanner.php
>
>>
>> Scary stuff
>
>Didn't work for me, though from looking at the HTML I think it 
>might
>work in some LANs.
>
>You seem to be relying on default IP addresses as a way of
>fingerprinting routers.  Any more to it than that?
>
>Cheers,
>Brian

--
Don't give up hope! Click here for professional marriage counseling!
http://tagline.hushmail.com/fc/Ioyw6h4fGykhv6X8xkFHPDxVMQhrMLd0lWfqd6RLIpvLsMK6yelxxg/


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Prev by Date: Re: [WEB SECURITY] Firefox CSS flaws
Next by Date: [WEB SECURITY] WASC Announcement: 'Script Mapping Project' Call for Participants
Previous by thread: Re: [WEB SECURITY] Firefox CSS flaws
Next by thread: [WEB SECURITY] Intrusion Detection with Heterogenous Sensors
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site