Friday, June 08, 2007

How to use JavaScript to circumvent security

One of the things that I've found playing around with Google gadgets and JavaScript recently is that these XML libraries very helpfully enable you to pull down XML content from pretty much any site you like. I found this out by accident while playing with the Yahoo libraries and some external software to see if I could pull stuff from my internal machine and put it out onto the external ones. I could.

Now what this means is that with a bit of basic coding, maybe something as simple as doing a loop on http://10.0.0.1/feed and just upping the IP address, you might be able to get hold of internal feeds and then submit that content externally. Because the JavaScript lives in the user's browser, there is no security around either the retrieval or the submission: the user's SSO gets the script into the internal sites, and the user is already set up on the company proxy for the trip back out.

As more platforms expose information through "standard" RSS and Atom feeds with standard URI names, such hunt-and-find techniques will become much more effective, and because you can use a remote script load approach you can keep your cracking script up to date based on what is working and what is not.
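A defender-side counterpart to the loop described above, as an added example that is not from the original post: it scans access logs from internal web servers for a single client requesting feed paths on many internal hosts within a short window while sending an external Referer. The log format, the sample lines, the `findFeedSweeps` name, the feed path pattern and the thresholds are all assumptions made for illustration.

```javascript
// Constructed sample: access-log lines aggregated from internal web servers.
// Assumed format: epochSeconds clientIp targetHost path referer
const SAMPLE_LOG = `
1181300000 10.0.5.23 10.0.0.1 /feed http://gadgets.example.net/page
1181300001 10.0.5.23 10.0.0.2 /feed http://gadgets.example.net/page
1181300002 10.0.5.23 10.0.0.3 /feed http://gadgets.example.net/page
1181300003 10.0.5.23 10.0.0.4 /feed http://gadgets.example.net/page
1181300004 10.0.5.23 10.0.0.5 /feed http://gadgets.example.net/page
1181300010 10.0.5.40 10.0.0.3 /feed http://10.0.0.3/index.html
1181300500 10.0.5.40 10.0.0.4 /feed -
1181303000 10.0.5.41 10.0.0.1 /feed http://gadgets.example.net/page
`;

// RFC 1918 ranges only; internal DNS names would need a site-specific allowlist.
const INTERNAL = /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/;

function isExternalReferer(referer) {
  if (referer === '-') return false; // no Referer header was sent
  try { return !INTERNAL.test(new URL(referer).hostname); }
  catch { return false; } // unparseable Referer: not treated as external
}

// Returns one alert per client that hit >= minHosts distinct internal hosts'
// feed paths within windowSecs, with an external page as the referring origin.
function findFeedSweeps(logText, { minHosts = 4, windowSecs = 60 } = {}) {
  const byClient = new Map();
  for (const line of logText.split('\n')) {
    const [ts, client, host, path, referer] = line.trim().split(/\s+/);
    if (!referer || !/\/(feed|rss|atom)\b/i.test(path)) continue;
    if (!INTERNAL.test(host) || !isExternalReferer(referer)) continue;
    if (!byClient.has(client)) byClient.set(client, []);
    byClient.get(client).push({ ts: Number(ts), host, referer });
  }
  const alerts = [];
  for (const [client, hits] of byClient) {
    hits.sort((a, b) => a.ts - b.ts);
    let start = 0; // left edge of the sliding time window
    for (let end = 0; end < hits.length; end++) {
      while (hits[end].ts - hits[start].ts > windowSecs) start++;
      const hosts = new Set(hits.slice(start, end + 1).map(h => h.host));
      if (hosts.size >= minHosts) {
        alerts.push({ client, hosts: [...hosts], referer: hits[end].referer });
        break; // one alert per client is enough
      }
    }
  }
  return alerts;
}
console.log(findFeedSweeps(SAMPLE_LOG));
```

A Referer can be absent or suppressed, so this catches only the noisy case; the sweep across hosts is the stronger signal and can be evaluated without the Referer condition at the cost of more false positives.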

IBM have a good article that goes into the challenges of JavaScript (and the script tag) and security, and what this means for mashups.
