2020-12: another reason why JavaScript SUCKS badly and websites NEED TO WORK without JS: it might “destroy” NAT security:
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.
https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results
Confirmed! JavaScript is indeed EVIL!
just imagine you surf a hacked website… that hijacks your phone calls expensive numbers… sends spam mail and whatsapp messages to your trusted friends and encrypts all your holiday pictures.
CONGRATULATIONS!
“The @fluoroacetate duo used an integer overflow in the JavaScript engine of the #Xiaomi web browser to exfiltrate a picture from the phone. They earn $25K and 6 Master of Pwn points.”
https://www.youtube.com/channel/UChbH7B5YhXANmlMYJRHpw0g
https://www.linkedin.com/in/michael-contreras-460029a7
as seen on:
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!