Gus Wirth <[EMAIL PROTECTED]> wrote:
var urlDetect = "http://localhost:45100/magnet10/badge.img";

What the hell was running a web server locally on port 45100? Answer:
Azureus

Having a web server running on localhost isn't a big deal.

Without reading the code, what the JavaScript would do, since it runs
on the *client*, is connect to the loopback, do all its
calculations on the user's machine, and then presto! Change the URL
to either "download" or have Azureus pick it up.

It could be taken advantage of. My suggestion: probe to see if that
first URL loads. If it does, send a request back to the server saying
that Azureus is running.

Just run Ethereal or grep your Squid logs if you're really worried.

--
Stephen Cope - http://sdc.org.nz/


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
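
A defender's check for the pattern discussed in this thread, a page script that references a URL on the loopback interface, as an added example that is not part of the original messages. The function names and the sample page are constructed for illustration; only the `urlDetect` URL comes from the quoted message.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Absolute http(s) URLs as they appear inside quoted JS/HTML strings.
URL_RE = re.compile(r"""https?://[^\s"'<>\\)]+""", re.IGNORECASE)

def is_loopback_host(host):
    """True for localhost names and any 127.0.0.0/8 or ::1 literal."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name

def find_loopback_urls(source):
    """Return (line_number, url, port) for each loopback URL in page source."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            url = match.group(0).rstrip(";,")
            try:
                parts = urlsplit(url)
                port = parts.port
            except ValueError:
                continue  # malformed authority or port; skip
            if is_loopback_host(parts.hostname):
                default = 443 if parts.scheme.lower() == "https" else 80
                hits.append((lineno, url, port or default))
    return hits

# Constructed sample page; only the urlDetect URL is taken from the message.
SAMPLE = '''<html><head><script>
var urlDetect = "http://localhost:45100/magnet10/badge.img";
var logo = "http://www.example.com/logo.png";
var alt = "http://127.0.0.1:8080/status";
var v6 = "http://[::1]:9000/x";
</script></head></html>'''

if __name__ == "__main__":
    for lineno, url, port in find_loopback_urls(SAMPLE):
        print(f"line {lineno}: {url} (port {port})")
```
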
