Possible to use Javascript to access the client side's network(knowingly)

Posted by Earlz on Stack Overflow See other posts from Stack Overflow or by Earlz
Published on 2012-06-07T21:56:27Z Indexed on 2012/06/08 4:40 UTC
Read the original article Hit count: 197

Filed under:

JavaScript

|

forms

|

cross-domain

|

screen-scraping

I recently found an exploit in my router to basically give me root access. The catch? There is a nonce hidden form value that is randomly generated and must be sent in for it to work that makes it difficult to do "easily"

So basically I'm wanting to do something like this in javascript:

get http://192.168.1.254/blah
use a regex or similar to extract the nonce value
put the nonce value into a hidden field in the current page
submit the form by POST to http://192.168.1.254/blah complete with the nonce value and other form values I want to send in.

Is this at all possible using only HTML and Javascript? I'm open to things like "must save HTML file locally and then open", which I'm thinking is one way around the cross domain policy.

But anyway, is this at all possible? I'm hoping for this to be able to run from at least Firefox and Chrome. The audience for this is those with some technical know how.

© Stack Overflow or respective owner

Related posts about JavaScript

CHAT ROOMs 7 by 6

as seen on Stack Overflow - Search for 'Stack Overflow'
I am looking for chatroom on one page with 7 loggedin users and 6+rows for say 42 users.these users will keep on adding wthnew users.Need urgent help.A PRETTY UNUSUAL Q FOR MOST OF U.What is MORE REQ new features: Usernames are unique to users currently chatting You can see a "currently chatting"… >>> More
Integrating JavaScript Unit Tests with Visual Studio

as seen on Stephen Walter - Search for 'Stephen Walter'
Modern ASP.NET web applications take full advantage of client-side JavaScript to provide better interactivity and responsiveness. If you are building an ASP.NET application in the right way, you quickly end up with lots and lots of JavaScript code. When writing server code, you should be writing… >>> More
Has Javascript developed beyond what it was originally designed to do?

as seen on Programmers - Search for 'Programmers'
I've been talking with a friend about the purpose of Javascript, when and how it should be used, etc. He quoted that: JavaScript was designed to add interactivity to HTML pages [...] JavaScript gives HTML designers a programming tool HTML authors are normally not programmers… >>> More
PHP, javascript, single quote problems with IE when passing variable from ajax post to javascript fu

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi! I have been trying to get this to work for a while, and I suspect there's an easy solution that I just can't find. My head feels like jelly and I would really appreciate any help. My main page.php makes a .post() to backend.php and fetches a list of cities which it echoes in the form of: <li… >>> More
Javascript in XSL that is loaded by Javascript

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there anyway to have javascript run when a XSL sheet has been applied to an XML file by Javascript? I am using a JQuery plugin to apply the sheet to the xml but the javascript that is located inside of the XSL file will not run. I put the Javascript at the bottom of the file and it still does… >>> More

Related posts about forms

Designer issue in VS: Events cannot be set on the object passed to the event binding service ...

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a little problem: the Winform control (that contains between others WPF) suddenly stopped to be displayed in Designer. Message: Events cannot be set on the object passed to the event binding service because a site associated with the object could not be located. Call Stack: … >>> More
Winforms TabControl causing spurious Paint events for UserControl

as seen on Stack Overflow - Search for 'Stack Overflow'
For our project, we've written a WinForms UserControl for graphing. We're seeing some strange behavior when our control is sited in a TabControl - our control continuously fires Paint events, even when there is absolutely no activity by the user. We only see this in the TabControl. When we site… >>> More
C# Gui setting control.Enabled to false fires OnClick event???

as seen on Stack Overflow - Search for 'Stack Overflow'
For some really weird reason when i set the .Enabled property to false on a simple text box on a small GUI, it fires a radio buttons OnClick event and its causing lots of problems. I have breakpointed the txtBox.Enabled = false; and after stepping over OR into it i jump straight to the OnClick event… >>> More
Django's forms.Form vs forms.ModelForm

as seen on Stack Overflow - Search for 'Stack Overflow'
Could anyone please explain to me similarities and differences of Django's forms.Form & forms.ModelForm? I've used Django for 4 days, so excuse me if I don't know basic things. Thanks in advance! >>> More
C#.NET Forms programing - Modal and Non-Modal forms problem

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I have a problem with modality of the forms under C#.NET. Let's say I have main form #0 (see the image below). This form represents main application form, where user can perform various operations. However, from time to time, there is a need to open additional non-modal form to perform additional… >>> More