Quote:
Originally Posted by mono
How does it know what's the DNS name of the printer on your internal LAN. I got this hack to work by typing the ip address of my networked
printer. How would a malicious script know that ahead of time?
|
Actually, it is possible for a web based applet to determine what (local) IP address the computer is using and scan the entire subnet looking for devices that respond to requests on a certain port. I've, uh... ahem... seen somebody else do it. You could also use a javascript that guesses what the local subnet of the computer would be and tries every address. This is even easier for routers - in default installations, there are maybe three common IP addresses for routers (192.168.0.1, 192.168.1.1, 10.0.0.1) and so many default usernames and passwords that you could easily create a simple script that would change the router's settings or cause the router to crash.