Port scanning in Javascript

This is interesting, a port scanner written completely in Javascript. It creates a series of image objects and points the URL to an image file which would be found on a default installation of some web servers. Once found, the script could be modified to do something malicious to that webserver using any well known exploit.

Obviously, most production servers would be secured so won’t have this default file, however development servers might not be so secure.

The problem is that this isn’t something that can be secured against easily as so many websites use late-loading images by Javascript. The only solution I guess would be to prevent the types of files that the image could point at, but that would break lots of apps.

So until something changes, secure all your servers. [found via New Scientist]

Advertisements