"Posick, Steve" wrote: > > I've written an applet that exploits this flaw. I could NOT get the > applet to open a socket to any host other > than the host that the applet resides on. I could connect to the > applet from any other machine, but the applet > was unable to accept the connection using the ServerSocket.accept() > method. Therefore to my knowledge > this bug can not be used by itself to transfer data to any host other > than the HTTP server in which it resides. Looking at the Java library code... When the ServerSocket is created for 'port' the following is called: System.getSecurityManager().checkListen(port) This is allowed because the applet is allowed to talk to the host it came from. As you say, to actually get any data you need to call: ServerSocket.accept() This is checked by: System.getSecurityManager().checkAccept(host, port) This looks at the port number and the address the connection is coming from. So, as the original applet that the guy posted didn't do an accept() it didn't prove that any host can connect to the socket. -- Simon Kilvington, s.kilvingtonat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:27 PDT