lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 04 Mar 2007 21:37:16 +0000 From: mark <mark@...dshell.net> To: full-disclosure@...ts.grok.org.uk Subject: Extending JavaScript Portscanning to Include Banner Grabbing There's a new paper/advisory at: http://bindshell.net/papers/ftppasv Here's a quick summary: A common implementation flaw in FTP clients allows FTP servers to cause clients to connect to other hosts. This seemly small vulnerability has some interesting consequences for web browser security (namely in Firefox, Opera and Konqueror). This paper discusses the FTP client flaw in detail and demonstrates how it can be used to attack web browsers. Proof of concept code is presented that extends existing JavaScript port-scanning techniques to scan any TCP port from Firefox (even though it now implements "port banning" restrictions). Because of the way the same-origin policy is applied it is also possible to perform banner-grabbing scans against arbitrary hosts. Finally, for services that don't return a banner an alternative fingerprinting technique is demonstrated which measures the time it takes servers to close inactive TCP connections. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists