Anti-DNS Pinning in Flash (and Maybe Java)
Kanatoko published yet another way to do Anti-DNS pinning and port scanning using Flash and potentially Java as well. This is scary for two reasons: first, the anti-DNS pinning trick (the obvious one), and second, the fact that Flash can now read raw sockets. This means Flash just got a lot more powerful. It can read any binary output and interact with it. Does anyone else think this is as scary as I do?
There is a writeup at Adobe’s site on the 9.x socket functionality of the Flash player. I haven’t heard about anyone exploiting this until today (nor have I ever heard about the socket functionality until now, either). But I am guessing this will spark a new wave of security holes now that you have read access to the ports that the user’s browser has access to (the most interesting of which are on the Intranet). But this also paves the way for a lot more interesting IP-security-related hacks. Crazy times, and nice work, Kanatoko!


