XSSing the Lan 2
First of all, the attackers may take advantage of a device vulnerable to XSS (Cross-site Scripting). In this case, all they need to do is to make an
XmlHttpRequests without any restrictions. In the AJAX world, the
XmlHttpRequest is the most well-known technology for performing
On the other hand, if the current browser has an outdated Flash plugin, the malicious site can perform the desired attack without the need for an internal device to be vulnerable to XSS, as I outlined in this post. However, this is probably not going to work in most cases because Flash plugin updates are enforced on a regular basis by Adobe. The attackers can take advantage of several Flash bugs widely discussed in the past.
If sensitive information needs to be transferred from the local LAN to a remote collection point, a number of techniques can be employed with varying degrees of success. For example, a Flash object can store a lot of information by using the AJAX MAssive Storage System (AMASS) technique. When the storage reaches a critical mass (99K), the content can be automatically dumped at a remote collection point via a series of POST or GET requests. All this can be achieved from Flash (all versions). Of course, the remote collection point needs to have a crossdomain.xml file served from the document root or some other location in order to allow cross-domain requests in case the Flash plugin is in its latest version with maximum security "on".
All of this is performed at runtime. The attacker can detect what version of Flash is currently used. Based on that, the best attack vector is selected. This can be trivially achieved by using some well-known AJAX libraries available for free.