18 April 2007
Java applets are a great thing. They let you start all kinds of applications directly from the web browser.
But there is a downside. What would happen if the opened application tried to connect to a host and offered it a remote shell?
Or, going one step further, what would happen if malicious code were executed locally?
Of course, the developers at Sun have taken precautions: by default, Java applets are not allowed to launch local applications or issue any other commands on the system.
Nevertheless, some developers need exactly this capability for their applications. For that reason an application can be signed with a certificate, and once the certificate has been accepted, launching local applications is no longer a problem.
So where is the problem?
Quite simply:
An attacker could use skilful social engineering techniques to get an inexperienced user to accept this certificate and then have his malicious code executed in the background without the user noticing.
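A triage check for the scenario above, as an added example that is not part of the original post: it reports whether a JAR carries a signature block and whether its classes reference process-execution or socket APIs, the capabilities a signed applet gains once its certificate is accepted. The function names and the in-memory sample JAR are constructed for illustration; the check detects the presence of a signature and does not verify it.

```python
import io
import zipfile

# Signature block files that jarsigner writes to META-INF/ when a JAR is signed.
SIG_SUFFIXES = (".RSA", ".DSA", ".EC")

# Class names whose use matters once the sandbox no longer applies.
SENSITIVE = {
    b"java/lang/Runtime": "process execution",
    b"java/lang/ProcessBuilder": "process execution",
    b"java/net/Socket": "outbound socket",
}


def utf8_entry(name: bytes) -> bytes:
    """Encode a name as a class-file CONSTANT_Utf8 entry: tag 1, u2 length, bytes."""
    return b"\x01" + len(name).to_bytes(2, "big") + name


def triage_jar(data: bytes) -> dict:
    """Report signature presence (not validity) and sensitive class references."""
    report = {"signed": False, "signature_files": [], "findings": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith(SIG_SUFFIXES):
                report["signed"] = True
                report["signature_files"].append(name)
            elif name.endswith(".class"):
                body = jar.read(name)
                # Heuristic: match the length-prefixed entry so that
                # java/lang/RuntimeException does not count as java/lang/Runtime.
                hits = sorted({label for ref, label in SENSITIVE.items()
                               if utf8_entry(ref) in body})
                if hits:
                    report["findings"][name] = hits
    # A signed archive that can spawn processes or open sockets deserves a look
    # before anyone is asked to accept its certificate.
    report["needs_review"] = report["signed"] and bool(report["findings"])
    return report


def build_sample_jar(signed: bool) -> bytes:
    """Constructed sample: stand-in class bodies, not loadable class files."""
    magic = b"\xca\xfe\xba\xbe"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Demo.class", magic + utf8_entry(b"java/lang/Runtime"))
        jar.writestr("Plain.class", magic + utf8_entry(b"java/lang/RuntimeException"))
        if signed:
            jar.writestr("META-INF/DEMO.RSA", b"constructed placeholder block")
    return buf.getvalue()


if __name__ == "__main__":
    for signed in (True, False):
        print(signed, triage_jar(build_sample_jar(signed)))
```

A signature only identifies the signer, so a hit on a signed archive is a prompt to check who signed it and why it needs those APIs.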
Blacklotus (Thomas Schneider) and I have written a small proof of concept at
http://www.remoteshell-security.com/poc/javapoc.html which, under Windows, runs the command dir in the root directory and sends the output to the local host.
At
http://remoteshell-security.com/poc/jrspoc.html there is also a remote shell, or rather a reverse shell, as a Java applet that connects to a target socket.
Addendum: I had already suspected that this is nothing new, but apparently it has been known for a long time:
http://www.bsi.de/fachthem/sinet/gefahr/aktiveinhalte/definitionen/appletsgefahren.htm
Categories: Programming