| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 12 Aug 2006 09:55:02 +0100 From: "pdp (architect)" <pdp.gnucitizen@...glemail.com> To: full-disclosure@...ts.grok.org.uk, pen-test@...urityfocus.com, webappsec@...urityfocus.com, "Daniel Bartlett" <dan@...ox.org>, bugtraq@...urityfocus.com Cc: Subject: JavaScript get Internal Address (thanks to DanBUK) http://www.gnucitizen.org/projects/javascript-address-info http://f-box.org/~dan/jstest.html The following technique was brought to me by DanBUK (http://f-box.org/~dan/). Dan managed to find the internal IP address of the visiting client by establishing a socket between local host and the remote web server. Upon success the socket populates its structure with all kinds of useful information among some of which are the internal IP address and the hostname. http://www.gnucitizen.org/projects/javascript-address-info/addressinfo.js This technique requires Java, however I think that It should be possible to achieve similar result by invoking special ActionScript methods from Flash. POC can be found on the url above. -- pdp (architect) http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists