[WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript

Billy Hoffman Billy.Hoffman at spidynamics.com
Thu Jul 27 11:47:49 EDT 2006



SPI Labs has discovered a technique to scan a network, fingerprint all
the web-enabled devices it finds, and send attacks or commands to those
devices. This technique can scan networks protected behind firewalls
such as corporate networks. All the code to do this is written in
JavaScript and uses parts of the standard that are almost 10 years old.
Accordingly, the code can execute in nearly any web browser on nearly
any platform when a user simply opens a webpage that contains the
JavaScript. Since this is not exploiting any browser bug or
vulnerability, there is no patch or defense for the end user other than
turning off JavaScript support in the browser. The code can be part of a
Cross Site Scripting (XSS) attack payload, increasing the damage XSS can


SPI has published a whitepaper about this technique and has also released
proof of concept code that will portscan a given range of IPs and
fingerprint Microsoft IIS and Apache boxes.



Proof of Concept: http://www.spidynamics.com/spilabs/js-port-scan/


Have fun,

Billy Hoffman


Lead R&D Engineer

SPI Dynamics - http://www.spidynamics.com

Phone: 678-781-4800

Direct: 678-781-4845
