Did anyone search for this, or are they too paranoid? :) There are a number of results, appears to not be unique at all...
http://www.google.com/search?q=javascript+%22port+scan

One method uses <script src="...."> and typeof on the result to get a signature; another uses only HTML, using the link tag to attempt to load what the browser thinks is a CSS, and then calls upon an IMG which is really a timer script.

JS: http://www.gnucitizen.org/projects/javascript-port-scanner/ and http://michaeldaw.org/projects/jsescanner/

~ben

On Thu, Jul 10, 2008 at 9:05 AM, M. Bitner <[EMAIL PROTECTED]> wrote:
> It might have been IE only, I'm not sure. I don't work in the same
> place but I can try and find out some more details from my former
> colleague.
>
> On Wed, Jul 9, 2008 at 10:47 PM, Neil Parker <[EMAIL PROTECTED]> wrote:
>> Another thing worth remembering is that just as Javascript itself differs
>> quite a bit from browser to browser, so do its security issues. A
>> feature (?) that makes it possible to write a port scanner in one
>> browser might not exist at all in another browser.
>>
>> Traditionally Internet Explorer has been considered the worst offender
>> security-wise. In part this is because it lets you say "x = new
>> ActiveXObject(...)", which sometimes makes it possible for Javascript to
>> invoke components that were never intended to be used by a web browser.
>> (Remember last year's Month of Browser Bugs? Most of the IE bugs on that
>> list revolved around ActiveXObject.)
>>
>> ActiveXObject, and its security implications, are completely absent in
>> Firefox. Not that Firefox has been free of Javascript security holes,
>> though...as it evolved from 2.0 to 2.0.0.15, many of the updates
>> included patches for Javascript security holes. Several of these involved
>> ways for Javascript to elevate its permissions from content (highly
>> restricted) to chrome (unrestricted, with full access to your filesystem
>> and the network).
>>
>> I'd be highly interested to learn how that port scanner worked. Did it
>> depend on one particular browser?
>>
>> - Neil Parker

_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
