[WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript

RSnake rsnake at shocking.com
Thu Jul 27 12:30:32 EDT 2006

SPI Dynamics is late.  Jeremiah Grossman and I have been working on this
for quite a while, and he presented about it at an OWASP meeting almost
a month ago, with working demos:


It looks like your whitepaper's first paragraph is pulled almost exactly
from the first paragraph of Jeremiah's presentation overview
(suspiciously close anyway).


Maybe it's a coincidence, but even so his demo was released before yours
by nearly a month.  I think it would be courteous to revise your paper to
reflect as much.


On Thu, 27 Jul 2006, Billy Hoffman wrote:

> Folks,
> SPI Labs has discovered a technique to scan a network, fingerprint all
> the web-enabled devices it finds, and send attacks or commands to those
> devices. This technique can scan networks protected behind firewalls
> such as corporate networks. All the code to do this is written in
> JavaScript and uses parts of the standard that are almost 10 years old.
> Accordingly, the code can execute in nearly any web browser on nearly
> any platform when a user simply opens a webpage that contains the
> JavaScript. Since this is not exploiting any browser bug or
> vulnerability, there is no patch or defense for the end user other than
> turning off JavaScript support in the browser. The code can be part of a
> Cross Site Scripting (XSS) attack payload, increasing the damage XSS can
> do.
> SPI has published a whitepaper about this technique and has also released
> proof of concept code that will portscan a given range of IPs and
> fingerprint Microsoft IIS and Apache boxes.
> Whitepaper:
> http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html
> Proof of Concept: http://www.spidynamics.com/spilabs/js-port-scan/
> Have fun,
> Billy Hoffman
> --
> Lead R&D Engineer
> SPI Dynamics - http://www.spidynamics.com
> Phone: 678-781-4800
> Direct: 678-781-4845
