Please explain how the outside world can know what my LAN IP address is.

Boscoh

They used JavaScript to grab it from your local PC most likely.

Disable Java and try it again; the entire "Internal IP Exposed! xxx.xxx.xxx.xxx Get patched!" block of text doesn't even appear.

Cheap trick to get you to buy something.
 

TechnoPro

Originally posted by: Boscoh
They used JavaScript to grab it from your local PC most likely.

Disable Java and try it again; the entire "Internal IP Exposed! xxx.xxx.xxx.xxx Get patched!" block of text doesn't even appear.

Cheap trick to get you to buy something.

Thanks for the lead. Mystery solved. See next post.
 

TechnoPro

Quite clever how they do it.

Look at the source of the page and you'll see Unicode hex like this:

\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u002f\u0061\u0064\u0074\u002e\u0061\u0073\u0070\u0022\u0020\u0077\u0069\u0064\u0074\u0068\u003d\u0022\u0032\u0030\u0030\u0022\u0020\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0022\u0038\u0030\u0022\u0020\u006d\u0061\u0072\u0067\u0069\u006e\u0077\u0069\u0064\u0074\u0068\u003d\u0022\u0031\u0022\u0020\u006d\u0061\u0072\u0067\u0069\u006e\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0022\u0031\u0022\u0020\u0061\u006c\u0069\u0067\u006e\u003d\u0022\u0074\u006f\u0070\u0022\u0020\u0073\u0063\u0072\u006f\u006c\u006c\u0069\u006e\u0067\u003d\u0022\u006e\u006f\u0022\u0020\u0066\u0072\u0061\u006d\u0065\u0062\u006f\u0072\u0064\u0065\u0072\u003d\u0022\u0030\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e

Cleaned up, it looks like this:

003c 0069 0066 0072 0061 006d 0065 0020 0073 0072 0063 003d 0022 002f 0061 0064 0074 002e 0061 0073 0070 0022 0020 0077 0069 0064 0074 0068 003d 0022 0032 0030 0030 0022 0020 0068 0065 0069 0067 0068 0074 003d 0022 0038 0030 0022 0020 006d 0061 0072 0067 0069 006e 0077 0069 0064 0074 0068 003d 0022 0031 0022 0020 006d 0061 0072 0067 0069 006e 0068 0065 0069 0067 0068 0074 003d 0022 0031 0022 0020 0061 006c 0069 0067 006e 003d 0022 0074 006f 0070 0022 0020 0073 0063 0072 006f 006c 006c 0069 006e 0067 003d 0022 006e 006f 0022 0020 0066 0072 0061 006d 0065 0062 006f 0072 0064 0065 0072 003d 0022 0030 0022 003e 003c 002f 0069 0066 0072 0061 006d 0065 003e

Converted, it becomes an iframe:

<iframe src="/adt.asp" width="200" height="80" marginwidth="1" marginheight="1" align="top" scrolling="no" frameborder="0"></iframe>

They pull the same Unicode hex stunt on the "auditmypc.com/adt.asp" page. Once cleaned up and converted, it reads:

<applet width="1" height="1" code="auditmypc.class">

So there's the scoop. A simple Java applet. I'm not sure how crazy I am about the security ramifications of this cheap trick.
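
The decoding step described in the post above, as an added example that is not part of the original thread: it scans page source for runs of \uXXXX escapes (or the space-separated "cleaned up" form) and reports any run that decodes to an iframe, applet or similar tag. The function names, the tag list and the sample page are assumptions made for this example.

```javascript
// Added example (not from the thread): reveal markup hidden as Unicode escapes.
// Two encodings are handled, matching the two forms shown in the post:
//   \u003c\u0069...  as found in the page source
//   003c 0069 ...    the "cleaned up" space-separated form
const ESCAPED_RUN = /(?:\\u[0-9a-fA-F]{4}){4,}/g;
const SPACED_RUN = /\b[0-9a-fA-F]{4}(?: [0-9a-fA-F]{4}){3,}\b/g;
// Tags that load or run content; the list is a choice made for this example.
const ACTIVE_TAGS = /<\s*(iframe|applet|script|object|embed)\b/gi;

// Turn one run of 4-digit hex code units into the text it encodes.
function decodeRun(run) {
  const units = run.match(/[0-9a-fA-F]{4}/g) || [];
  return units.map((h) => String.fromCharCode(parseInt(h, 16))).join("");
}

// Scan page source and return every encoded run that decodes to an active tag.
function findHiddenMarkup(source) {
  const findings = [];
  for (const re of [ESCAPED_RUN, SPACED_RUN]) {
    for (const m of source.matchAll(re)) {
      const decoded = decodeRun(m[0]);
      const tags = [...decoded.matchAll(ACTIVE_TAGS)].map((t) => t[1].toLowerCase());
      if (tags.length > 0) findings.push({ offset: m.index, decoded, tags });
    }
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// Constructed sample: the applet tag quoted in the post, re-encoded as \uXXXX
// escapes and wrapped in a made-up document.write call.
const toEscapes = (s) =>
  [...s].map((c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")).join("");
const hiddenTag = '<applet width="1" height="1" code="auditmypc.class">';
const samplePage = `<script>document.write("${toEscapes(hiddenTag)}");</script>`;

for (const f of findHiddenMarkup(samplePage)) {
  console.log(`offset ${f.offset}: [${f.tags.join(", ")}] ${f.decoded}`);
}
```

The literal script tag in the sample is not reported, because only encoded runs are decoded and checked.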
 

spidey07

Also, there are other protocols where the actual or internal IP address is carried in the packets. No Java required.

NetMeeting, FTP, etc.