Grey bar Blue bar
Share this:

Wed, 27 Feb 2008

SNMP Joins Dark Side in New XSS Attack

-sigh- the topic is stolen directly from the [DarkReading Article] -snip- It’s yet another new spin on a pervasive attack -- this time using the old standby Simple Network Management Protocol (SNMP) to stage cross-site scripting (XSS) attacks. -snip-

-sigh- a little while back while doing a pen-test on a 1U device, we found that a well poisoned SNMP string could easily result in XSS and even SQL Injection attacks.

a few months later, nick used a variation of this by simply using XSS payloads as his SSID and broadcasting near wifi IDS devices with web based management consoles.

My point is simply that this hardly counts as a new attack.. (we didnt even think it was novel enough to blog at the time!)

-sigh- ignore me.. im older and cynicaler and tireder today.. i should get some sleep...