WebApp Sec mailing list archives
Re: applet security connecting to hosts
From: Haroon Meer <haroon () sensepost com>
Date: Thu, 10 Mar 2005 08:42:45 +0200
Hi..

> F Lace wrote:
> First off, can someone explain the security issue if an unsigned
> applet connects to a different host?
> Thanks.

There could be multiple reasons for this but a while back we spent some time writing an applet that _could_ bypass this restriction with the following aims :
[a] While the applet has pretty pictures (or just duke doing hand-flips) moving in the user's browser, the applet is port-scanning hosts on his internal network and sending the results back to our server. (by connecting sequentially to ports on the internal host)
[b] Once our applet has scanned, and fingerprinted internal hosts we can also get it to attack internal hosts (all this while the user simply sees moving pictures in his browser)
I guess the threat of an applet that loads in your browser and then attacks "whitehouse.gov" is just as serious..
/mh
======================================================================
Haroon Meer                                 MH
SensePost Information Security              +27 83786 6637
PGP : http://www.sensepost.com/pgp/haroon.txt   haroon () sensepost com
======================================================================