Java and Javascript

From: David F. Madrid (conde0@telefonica.net)
Date: 04/02/03

  • Next message: Peter J. Holzer: "Re: Oracle JDBC: Inconsistent handling of timestamps"
    Date: Wed, 02 Apr 2003 04:08:25 +0200
    To: bugtraq@securityfocus.com
    From: "David F. Madrid" <conde0@telefonica.net>
    
    

    Opera and Netscape browsers allow you to include java methods calls in your
    javascript .
      As Javascript has support for objects you can use objects returned by
    these calls in your scripts .

    I have been looking for information about the possibly security
    implications ( and vulnerabilities
    published ) that this could have , but have found nothing . Doing some test
    by myself this is but
    I have found .

    Opera 6.01

    If you use Opera 6.01 you can make calls to Java exec function , which
    executes the command
    line passed to it . This means you can execute any program . Here is a
    small demonstration

    http://usuarios.lycos.es/idoru/petaopera.html

    The second link executes windows calculator . The first link executes
    verifier.exe , a W2000/XP
    program , causing a buffer overflow in it ( W2000 server is full of command
    line buffer overflows ),
    this means that just visiting a webpage ( a malicious site or a post in a
    forum ) code can be
    executed in your machine with user priviliges .

    Besides , playing with sockets from javascript you can obtain the local Ip
    address with

    var host=java.net.InetAddress.getLocalHost();

    and use it to connect to an arbitrary local tcp port on your IP . If you
    are connected to a LAN ,
    you can connect with every socket in your LAN interface.This means that
    with viewing some
    post in a forum , a script can connect to a port on your PC and send and
    recieve data ( as
    classes like InputDataStram can be used as well ). A new type of cross site
    scripting focused
    in exploiting vulnerable services .

    An example can be found here , connection to port 139 can be tracked with
    netstat ( before
    closing the browser )

    http://usuarios.lycos.es/idoru/sockets.html

    Opera 7.02 and Netscape 7.02

    Both browsers donīt allow to make java calls to determinate methods . Well
    , are allowed
      by they return a null . You can`t execute exec or delete , just methods
    like java.io.File.exists()
    or java.io.File.list() but you can still execute sockets .

    Fourtunately , I wasnīt able of retriving another IP different from
    localhost when the script is
    executed in the server , but it works fine if you email the webpage ,
    establishing the connection
    with port 139 . I donīt know if there is an alternative method of
    retrieving a visitor's IP address from
    java or javascript but if there is this can be exploitable via webpage .

    Email sockets.html to you or open it locally and you will see a connection
    with netstat .

    Regards ,

    David F.Madrid ,
    Madrid , Spain


  • Next message: Peter J. Holzer: "Re: Oracle JDBC: Inconsistent handling of timestamps"

    Relevant Pages

    • Using Java from Javascript
      ... Opera and Netscape browsers allow you to include java methods calls in ... As Javascript has support for objects you can use ... The second link executes windows calculator. ...
      (NT-Bugtraq)
    • Re: Some Boxes etc Dont Show Up in Loaded Web Pages
      ... I believe that it is probably some setting or or something missing in the OS, since both browsers do the same thing. ... Javascript or Inscript ... An option like Java, is different, in that you have to install JRE ... Ajax is explained here. ...
      (microsoft.public.windowsxp.general)
    • Re: Some Boxes etc Dont Show Up in Loaded Web Pages
      ... I believe that it is probably some setting or or something missing in the OS, since both browsers do the same thing. ... Javascript or Inscript ... An option like Java, is different, in that you have to install JRE ... Ajax is explained here. ...
      (microsoft.public.windowsxp.general)
    • Using Java from Javascript
      ... Opera and Netscape browsers allow you to include java methods calls in your ... As Javascript has support for objects you can use objects returned by ... The second link executes windows calculator. ... localhost when the script is ...
      (Bugtraq)
    • Re: Applet Question
      ... I am baffled by the appeal of JavaScript. ... Read up on how you write extensions to browsers, email programs, IDEs ... Java has one major drawback. ... but the focus on money makes software manufacturers ...
      (comp.lang.java.programmer)