Closed
Bug 1328112
Opened 8 years ago
Closed 8 years ago
img tag src attribute client ddos/botnet (srcnet)
Categories
(Firefox :: Untriaged, defect)
RESOLVED
INVALID
People
(Reporter: tinofileccia, Unassigned)
Attachments
(1 file)
196.87 KB,
application/x-zip-compressed
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Firefox for Android
Steps to reproduce:
I wrote some JavaScript code that would activate a function that generates multiple img tags with the src attributes set to the target URL with a different number at the end of each 'src' value so that results cannot be pulled from cache. I have included all the files used to reproduce this along with a readme file and screenshots. I used a node.js server with socket.io to host a server that can control the function to multiple clients (bots). The code can easily be modified to work outside of the /client page and on other domains. To try it for yourself, you must have node and npm installed. Extract the zipped folder and navigate to it in cmd/terminal. Once you are inside the folder, type the following commands: 'npm install' & 'npm install ejs'. Once it has installed the modules successfully, start the server by typing 'node index.js'. If no errors occurred, navigate to http://localhost:3000/ in your web browser and log in (username: datboi / password: 0e1b8b3ef01dad60a89c3b16b6eeff54). Once you have successfully logged in, open another tab with the URL http://localhost:3000/client. This represents an infected tab. Now, start up the Python server. Set the target input to (http://localhost:2000/). Watch the output of the Python server for activity. Instructions are also documented in the readme.
Actual results:
Currently all browsers are vulnerable to this exploit, but I was able to send the most requests with Firefox clients.
Expected results:
The patch for this exploit is out of my creative grasp.
Reporter
Updated•8 years ago
Severity: normal → critical
Component: Untriaged → Tabbed Browser
OS: Unspecified → All
Priority: -- → P4
Hardware: Unspecified → All
Comment 1•8 years ago
Yes, with JS you can make an arbitrary number of requests to an arbitrary server on the web. <img> tags are not the only way to do this. This is a documented aspect of how the web works, and not one browsers can change or fix without significant changes to the entire web platform. This bug tracker isn't the right place to have discussions about such changes. This is not a browser vulnerability, so I'm marking the bug INVALID and removing the 'security' marker.
Severity: critical → normal
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Component: Tabbed Browser → Untriaged
Priority: P4 → --
Resolution: --- → INVALID
Updated•8 years ago
Group: firefox-core-security
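Since the browser side is working as designed, the place to notice this traffic is the server receiving it. The following is an added example, not code from the bug report or its attachment: a Node.js check over access-log records that flags bursts of requests whose URLs differ only in a trailing number and share one referring origin. The record fields (ts, ip, url, referer), the thresholds and the sample data are assumptions made for illustration.

```javascript
// Constructed sample access-log records (not taken from the bug's attachment).
// Field names ts (ms), ip, url and referer are assumptions about the log schema.
const SAMPLE_LOG = [];
for (let i = 0; i < 40; i++) {
  // 40 image requests in 2 s, each ending in a new number, all sent from one page
  SAMPLE_LOG.push({ ts: 1000 + i * 50, ip: `203.0.113.${i % 4}`,
                    url: `/${i}`, referer: 'http://localhost:3000/client' });
}
// Ordinary traffic: the same cacheable URL requested twice, seconds apart
SAMPLE_LOG.push({ ts: 1200, ip: '198.51.100.4', url: '/logo.png', referer: 'http://localhost:2000/' });
SAMPLE_LOG.push({ ts: 9000, ip: '198.51.100.4', url: '/logo.png', referer: 'http://localhost:2000/' });

// Replace a trailing run of digits so /1, /2, /3 collapse into one pattern.
function stripCacheBuster(url) {
  return url.replace(/\d+$/, '{n}');
}

function refererOrigin(referer) {
  try { return new URL(referer).origin; } catch { return '(none)'; }
}

// Flag (referring origin, URL pattern) pairs that receive at least minHits
// requests within windowMs where nearly every request uses a distinct URL.
function findCacheBustFloods(records, { windowMs = 5000, minHits = 30, minUniqueRatio = 0.9 } = {}) {
  const groups = new Map();
  for (const r of records) {
    const key = `${refererOrigin(r.referer)} ${stripCacheBuster(r.url)}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(r);
  }
  const findings = [];
  for (const [key, hits] of groups) {
    hits.sort((a, b) => a.ts - b.ts);
    let start = 0;
    for (let end = 0; end < hits.length; end++) {
      while (hits[end].ts - hits[start].ts > windowMs) start++;
      const slice = hits.slice(start, end + 1);
      const uniqueUrls = new Set(slice.map(h => h.url)).size;
      if (slice.length >= minHits && uniqueUrls / slice.length >= minUniqueRatio) {
        const clients = new Set(slice.map(h => h.ip)).size;
        findings.push({ key, hits: slice.length, uniqueUrls, clients });
        break; // one finding per group is enough
      }
    }
  }
  return findings;
}

console.log(findCacheBustFloods(SAMPLE_LOG));
```

A finding names the referring origin, which gives the operator something concrete to rate-limit or block at the edge; the Referer header can be absent under a strict referrer policy, in which case such requests group under `(none)`.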