Closed Bug 1328112 Opened 8 years ago Closed 8 years ago

img tag src attribute client ddos/botnet (srcnet)

Categories

(Firefox :: Untriaged, defect)

defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: tinofileccia, Unassigned)

Details

Attachments

(1 file)

196.87 KB, application/x-zip-compressed
Details
Attached file srcnet_firefox.zip
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Firefox for Android Steps to reproduce: I wrote some javascript code that would activate a function that generates multiple img tags with the src attributes set to the target url with a different number at the end of each 'src' value so that results cannot be pulled from cache. I have included all the files used to reproduce this along with a readme file and screenshots. I used a node.js server with socket.io to host a server that can control the function to multiple clients (bots). The code can eaisly be modified to work outside of the /client page and on other domains. To try it for yourself, you must have node and npm installed. Extract the zipped folder and navigate to it in cmd/terminal. Once you are inside the folder, type the following commands: 'npm install' & 'npm install ejs'. Once it has installed the modules sucessfully, start the server by typing, 'node index.js'. If no errors occured, navigate to http://localhost:3000/ in your web browser and login (username: datboi / password: 0e1b8b3ef01dad60a89c3b16b6eeff54). Once you have sucessfully logged in, open another tab with the url: http://localhost:3000/client. This represents an infected tab. Now, start up the python server. Set the target input to (http://localhost:2000/). Watch the output of the python server for activity. Instructions are also documented in the readme Actual results: Currently all browsers are vulnerable to this exploit, but I was able to send the most amount of request with firefox clients. Expected results: The patch for this exploit is out of my creative grasp.
Severity: normal → critical
Component: Untriaged → Tabbed Browser
OS: Unspecified → All
Priority: -- → P4
Hardware: Unspecified → All
Yes, with JS you can make an arbitrary number of requests to an arbitrary server on the web. <img> tags are not the only way to do this. This is a documented aspect of how the web works, and not one browsers can change or fix without significant changes to the entire web platform. This bug tracker isn't the right place to have discussions about such changes. This is not a browser vulnerability, so I'm marking the bug INVALID and removing the 'security' marker.
Severity: critical → normal
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Component: Tabbed Browser → Untriaged
Priority: P4 → --
Resolution: --- → INVALID
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: