I think this is regarded as an attack from the point of view of an ordinary web browser, and therefore that there are defences against it. Java applets for example can only talk to their origin server. I don't know whether javascript can submit forms on its own. But there have been things like this discussed on bugtraq (years ago when I read bugtraq).
Try it. On Thu, Jun 01, 2006 at 03:57:27AM -0400, Colin Davis wrote: > In looking at SinnerG's automatic reference adding script, it occurs to > me that there is a threat in the combination of the darknet and > automatically running on port 8888... > > Couldn't a internet website utilize Javascript to connect to > localhost:8888 of each user (utilizing an iframe or such). > > In doing so, they can connect to, and gather information on, every > freenet user who visits their site... > > Tey could harvest everyone's network connections (building a map of the > network), as well as change configuration options, or disconnect nodes. > > This seems like a somewhat signifigant problem.. Thoughts? > > -Colin -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060601/102d02cd/attachment.pgp>
