lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 12 Aug 2006 13:48:20 +0200 From: Martin Dipo Zimmermann <mdz@...hest.com> To: "pdp (architect)" <pdp.gnucitizen@...glemail.com> Cc: full-disclosure@...ts.grok.org.uk, pen-test@...urityfocus.com, bugtraq@...urityfocus.com, webappsec@...urityfocus.com, Daniel Bartlett <dan@...ox.org> Subject: Re: JavaScript get Internal Address (thanks to DanBUK) It appears that your scripts only result is 192.168.1.3 (tested on 5 sites). Dont think its quite ready to fly yet. But very interesting idea. BR Martin pdp (architect) skrev: > http://www.gnucitizen.org/projects/javascript-address-info > http://f-box.org/~dan/jstest.html > > The following technique was brought to me by DanBUK > (http://f-box.org/~dan/). Dan managed to find the internal IP address > of the visiting client by establishing a socket between local host and > the remote web server. Upon success the socket populates its structure > with all kinds of useful information among some of which are the > internal IP address and the hostname. > > http://www.gnucitizen.org/projects/javascript-address-info/addressinfo.js > > This technique requires Java, however I think that It should be > possible to achieve similar result by invoking special ActionScript > methods from Flash. > > POC can be found on the url above. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists