HackDig : Dig high-quality web security articles for hacker

Obtaining LAN IP from JavaScript for CSRF

2015-09-22 19:00
I recently came across an interesting PoC on GitHub for utilizing STUN to
determine a local LAN IP via JavaScript. This was surprising to me since I
thought you generally shouldn't be able to identify the LAN IP in
JavaScript so I have started using this in CSRF exploit demonstrations.

A brief explanation including a link back to the original work is on the
Tripwire State of Security blog here:
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/smart-cross-site-request-forgery-csrf/

An interesting note to this is that even though the code references a
Mozilla STUN server on the internet, I was able to use this PoC in Chrome
on a LAN without any gateway to the Internet. The exploit page was
accessed via HTTP (from a local VM) so this is not some special case for
the file:// scheme. I tested this on a Windows and OS X Chrome release.
I'd be interested to hear any thoughts on why it works without a route to a
real STUN server.

Thanks,
Craig Young
Security Researcher, Tripwire VERT
@CraigTweets

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


Source: 28/peS/5102/erusolcsidlluf/gro.stsilces

Read:2282 | Comments:0 | Tags: Csrf

“Obtaining LAN IP from JavaScript for CSRF”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud