Re: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
- From: RSnake <rsnake@xxxxxxxxxxxx>
- Subject: Re: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
- Date: Thu, 27 Jul 2006 09:30:32 -0700 (PDT)
SPI Dynamics is late. Jeremiah Grossman and I have been working on this
for quite a while, and he presented about it at an OWASP meeting almost
a month ago, with working demos:
http://www.owasp.org/index.php?title=San_Jose&oldid=6982
It looks like your whitepaper's first paragraph is pulled almost exactly
from the first paragraph of Jeremiah's presentation overview
(suspiciously close anyway).
http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Grossman
Maybe it's a coincidence, but even so his demo was released before yours
by nearly a month. I think it would be courteous to revise your paper to
reflect as much.
-RSnake
http://ha.ckers.org/
http://ha.ckers.org/xss.html
http://ha.ckers.org/blog/feed/
On Thu, 27 Jul 2006, Billy Hoffman wrote:
Folks,
SPI Labs has discovered a technique to scan a network, fingerprint all
the web-enabled devices it finds, and send attacks or commands to those
devices. This technique can scan networks protected behind firewalls
such as corporate networks. All the code to do this is written in
JavaScript and uses parts of the standard that are almost 10 years old.
Accordingly, the code can execute in nearly any web browser on nearly
any platform when a user simply opens a webpage that contains the
JavaScript. Since this is not exploiting any browser bug or
vulnerability, there is no patch or defense for the end user other than
turning off JavaScript support in the browser. The code can be part of a
Cross Site Scripting (XSS) attack payload, increasing the damage XSS can
do.
SPI has published a whitepaper about this technique and has also released
proof of concept code that will portscan a given range of IPs and
fingerprint Microsoft IIS and Apache boxes.
Whitepaper:
http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html
Proof of Concept: http://www.spidynamics.com/spilabs/js-port-scan/
Have fun,
Billy Hoffman
--
Lead R&D Engineer
SPI Dynamics - http://www.spidynamics.com
Phone: 678-781-4800
Direct: 678-781-4845
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org