AOH :: HP Unsorted E :: C07-2534.HTM

Extending JavaScript Portscanning to Include Banner Grabbing



Extending JavaScript Portscanning to Include Banner Grabbing
Extending JavaScript Portscanning to Include Banner Grabbing



There's a new paper/advisory at: http://bindshell.net/papers/ftppasv 

Here's a quick summary:

A common implementation flaw in FTP clients allows FTP servers
to cause clients to connect to other hosts. This seemly small vulnerability
has some interesting consequences for web browser security (namely in
Firefox, Opera and Konqueror).

This paper discusses the FTP client flaw in detail and demonstrates how
it can be used to attack web browsers.  Proof of concept code is
presented that extends existing JavaScript port-scanning techniques to
scan any TCP port from Firefox (even though it now implements
"port banning" restrictions). Because of the way the same-origin policy
is applied it is also possible to perform banner-grabbing scans against
arbitrary hosts. Finally, for services that don't return a banner an
alternative fingerprinting technique is demonstrated which measures
the time it takes servers to close inactive TCP connections.



The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.