[WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript

RSnake rsnake at shocking.com
Thu Jul 27 12:30:32 EDT 2006


SPI Dynamics is late.  Jeremiah Grossman and I have been working on this
for quite a while, and he presented about it at an OWASP meeting almost
a month ago, with working demos:

http://www.owasp.org/index.php?title=San_Jose&oldid=6982

It looks like your whitepaper's first paragraph is pulled almost exactly
from the first paragraph of Jeremiah's presentation overview
(suspiciously close anyway).

http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Grossman

Maybe it's a coincidence, but even so his demo was released before yours
by nearly a month.  I think it would be courteous to revise your paper to
reflect as much.

-RSnake
http://ha.ckers.org/
http://ha.ckers.org/xss.html
http://ha.ckers.org/blog/feed/


On Thu, 27 Jul 2006, Billy Hoffman wrote:

> Folks,
>
> SPI Labs has discovered a technique to scan a network, fingerprint all
> the web-enabled devices it finds, and send attacks or commands to those
> devices. This technique can scan networks protected behind firewalls
> such as corporate networks. All the code to do this is written in
> JavaScript and uses parts of the standard that are almost 10 years old.
> Accordingly, the code can execute in nearly any web browser on nearly
> any platform when a user simply opens a webpage that contains the
> JavaScript. Since this is not exploiting any browser bug or
> vulnerability, there is no patch or defense for the end user other than
> turning off JavaScript support in the browser. The code can be part of a
> Cross Site Scripting (XSS) attack payload, increasing the damage XSS can
> do.
>
> SPI has published a whitepaper about this technique and has also released
> proof of concept code that will portscan a given range of IPs and
> fingerprint Microsoft IIS and Apache boxes.
>
> Whitepaper:
> http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html
>
> Proof of Concept: http://www.spidynamics.com/spilabs/js-port-scan/
>
> Have fun,
>
> Billy Hoffman
>
> --
>
> Lead R&D Engineer
>
> SPI Dynamics - http://www.spidynamics.com/
>
> Phone: 678-781-4800
>
> Direct: 678-781-4845

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


