HackDig : Dig high-quality web security articles for hacker

Obtaining LAN IP from JavaScript for CSRF

2015-09-22 19:00
I recently came across an interesting PoC on GitHub for utilizing STUN to
determine a local LAN IP via JavaScript. This was surprising to me since I
thought you generally shouldn't be able to identify the LAN IP in
JavaScript so I have started using this in CSRF exploit demonstrations.

A brief explanation including a link back to the original work is on the
Tripwire State of Security blog here:

An interesting note to this is that even though the code references a
Mozilla STUN server on the internet, I was able to use this PoC in Chrome
on a LAN without any gateway to the Internet. The exploit page was
accessed via HTTP (from a local VM) so this is not some special case for
the file:// scheme. I tested this on a Windows and OS X Chrome release.
I'd be interested to hear any thoughts on why it works without a route to a
real STUN server.

Craig Young
Security Researcher, Tripwire VERT

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 28/peS/5102/erusolcsidlluf/gro.stsilces

Read:2282 | Comments:0 | Tags: Csrf

“Obtaining LAN IP from JavaScript for CSRF”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud