Port scanning in JavaScript

This is interesting: a port scanner written completely in JavaScript. It creates a series of image objects and points each one's URL at an image file that would be found on a default installation of some web servers. Once a server is found, the script could be modified to do something malicious to that web server using any well-known exploit.

Obviously, most production servers would be secured and so won’t have this default file; development servers, however, might not be so secure.

The problem is that this isn’t something that can be secured against easily, as so many websites use JavaScript to late-load images. The only solution I guess would be to restrict the types of files that the image could point at, but that would break lots of apps.

So until something changes, secure all your servers. [found via New Scientist]

