Using Java from Javascript

From: idoru@VIDEOSOFT.NET.UY
Date: 04/02/03

  • Next message: [SANG] Peter A. Sang: "IIS 5: strange problems handling certain file names"
    Date:         Tue, 1 Apr 2003 22:46:26 -0300
    From: idoru@VIDEOSOFT.NET.UY
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Opera and Netscape browsers allow you to include java methods calls in
    your javascript . As Javascript has support for objects you can use
    objects returned by these calls in your scripts .
    I have been looking for information about the possibly security
    implications ( and vulnerabilities published ) that this could have , but
    have found nothing . Doing some test by myself this is but I have found .
    Opera 6.01

    If you use Opera 6.01 you can make calls to Java exec function , which
    executes the command line passed to it . This means you can execute any
    program . Here is a small demonstration
    http://usuarios.lycos.es/idoru/petaopera.html

    The second link executes windows calculator . The first link executes
    verifier.exe , a W2000/XP program , causing a buffer overflow in it (
    W2000 server is full of command line buffer overflows ), this means that
    just visiting a webpage ( a malicious site or a post in a forum ) code can
    be executed in your machine with user priviliges .
    Besides , playing with sockets from javascript you can obtain the local Ip
    address with
    var host=java.net.InetAddress.getLocalHost();

    and use it to connect to an arbitrary local tcp port on your IP . If you
    are connected to a LAN , you can connect with every socket in your LAN
    interface.This means that with viewing some post in a forum , a script can
    connect to a port on your PC and send and recieve data ( as classes like
    InputDataStram can be used as well ). A new type of cross site scripting
    focused in exploiting vulnerable services .
    An example can be found here , connection to port 139 can be tracked with
    netstat ( before closing the browser )
    http://usuarios.lycos.es/idoru/sockets.html

    Opera 7.02 and Netscape 7.02

    Both browsers donīt allow to make java calls to determinate methods . Well
    , are allowed by they return a null . You can`t execute exec or delete ,
    just methods like java.io.File.exists() or java.io.File.list() but you can
    still execute sockets .
    Fourtunately , I wasnīt able of retriving another IP different from
    localhost when the script is executed in the server , but it works fine if
    you email the webpage , establishing the connection with port 139 . Just
    open the file attached and click the link . I donīt know if there is an
    alternative method of retrieving a visitor's IP address from java or
    javascript but if there is this can be exploitable via webpage .

    Regards ,

    David F.Madrid ,
    Madrid , Spain

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by Prometric - More than testing, learning.
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    http://www.prometric.com

    Prometric, part of The Thomson Corporation, is the leader in
    technology-enabled testing and assessment services for information
    technology certification, academic admissions, professional licensure and
    certifications, computer-based driver's licensing, and corporate testing.

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: [SANG] Peter A. Sang: "IIS 5: strange problems handling certain file names"

    Relevant Pages

    • Using Java from Javascript
      ... Opera and Netscape browsers allow you to include java methods calls in your ... As Javascript has support for objects you can use objects returned by ... The second link executes windows calculator. ... localhost when the script is ...
      (Bugtraq)
    • Java and Javascript
      ... Opera and Netscape browsers allow you to include java methods calls in your ... As Javascript has support for objects you can use objects returned by ... The second link executes windows calculator. ... Both browsers donīt allow to make java calls to determinate methods. ...
      (Bugtraq)
    • Re: =?iso-8859-15?Q?B=F6ses?= HTML und Co. wie abwehren?
      ... z.B. Firefox und Opera). ... Ohne Javascript ist heutzutage kaum ein Content nutzbar. ... ueber einen Menuepunkt oder Hotkey Javascript ... Java sollte keine Schreibrechte bekommen. ...
      (de.comp.security.misc)
    • Re: iceweasel puzzle
      ... Java and Javascript are enabled and both work. ... opera: it is blank. ... non-instantiatable type `' ...
      (Debian-User)
    • Re: Calling java within javascript
      ... executed BEFORE the javascript executes? ... The javascript only sees the output resulting from the java ... request on the server? ... You will need something Java on the server side that can get your value ...
      (comp.lang.javascript)