by woodall
5782 days ago
The attack/code he showed cannot, but what you can do is write different iframes. Here is an example: a+'.'+b+'.'+c+'.'+d where a=192 b=168 c=0-255 d=0-255. Of course this could be any private network address range[1]. Next you would use document.write or .innertext to make these iframes. Personally I wouldn't stop at the first one. I would log all the frames that loaded into an array and from there test them further. I would also get the user's IP address and tack on :80, :8080, :21, etc. and see what I am presented with: web torrent frontends, FTP servers, etc.

[1] http://en.wikipedia.org/wiki/Private_network
    for (var c = 0; c < 255; c++) {
      for (var d = 0; d < 255; d++) {
        // one 1x1 frame per candidate address; id and name carry the c.d pair
        document.write('<iframe height="1" width="1" src="http://192.168.' + c + '.' + d + '" id="' + c + '.' + d + '" name="' + c + '.' + d + '"></iframe>');
      }
    }
<iframe> portscans, wow.
For a massively-deployed hack like Samy's, it makes plenty of sense to just check the small handful of major-brand wifi routers.
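
The defender's side of the iframe sweep discussed in this thread, as an added example that is not part of any post: a filter (proxy or browser extension) that sees which origin initiated each request can flag a public origin that touches several distinct private-network hosts. The log record shape `{initiator, url}`, the threshold of 3 and all function names are assumptions made for illustration.

```javascript
// Added defensive example; names, log shape and threshold are assumptions.
const PRIVATE_V4 = [["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], ["127.0.0.0", 8]];

// Dotted-quad text to a number, or null if it is not an IPv4 literal.
function ipv4ToInt(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// RFC 1918 ranges plus loopback.
function isPrivateHost(host) {
  if (host === "localhost") return true;
  const ip = ipv4ToInt(host);
  if (ip === null) return false;
  return PRIVATE_V4.some(([base, bits]) => {
    const start = ipv4ToInt(base);
    return ip >= start && ip < start + 2 ** (32 - bits);
  });
}

// Group requests by public initiating origin; flag origins touching many private hosts.
function flagSweeps(requests, threshold = 3) {
  const byOrigin = new Map();
  for (const { initiator, url } of requests) {
    let from, to;
    try { from = new URL(initiator); to = new URL(url); } catch { continue; }
    if (isPrivateHost(from.hostname) || !isPrivateHost(to.hostname)) continue;
    if (!byOrigin.has(from.origin)) byOrigin.set(from.origin, new Set());
    byOrigin.get(from.origin).add(to.host);
  }
  return [...byOrigin]
    .filter(([, hosts]) => hosts.size >= threshold)
    .map(([origin, hosts]) => ({ origin, targets: [...hosts].sort() }));
}

// Constructed sample log: one public page sweeping 192.168.x.x, one intranet page, one stray hit.
const SAMPLE = [
  { initiator: "https://forum.example/thread", url: "http://192.168.0.1/" },
  { initiator: "https://forum.example/thread", url: "http://192.168.0.2/" },
  { initiator: "https://forum.example/thread", url: "http://192.168.1.1:8080/" },
  { initiator: "http://192.168.0.10/admin", url: "http://192.168.0.1/" },
  { initiator: "https://news.example/", url: "http://10.0.0.1/" },
];
console.log(JSON.stringify(flagSweeps(SAMPLE)));
```

Requests that start from a page already on the private network are skipped, so ordinary intranet navigation does not trip the check.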