开发者

Django: Is it possible to trigger shell command in the client?

开发者 https://www.devze.com 2023-02-21 00:28 出处:网络
I wanted to do a iwlist scanning on the client but I want this to happen only when the client clicks on the button in a webpage. Server uses Django. Is this possi开发者_高级运维ble?

I wanted to do a iwlist scanning on the client but I want this to happen only when the client clicks on the button in a webpage. Server uses Django. Is this possi开发者_高级运维ble?

I know this could cause some security concerns but that is not my focus right now. I'm trying to create a location fingerprinting-based web app.


I've heard that, under some browsers, it's possible for file://-based tools like TiddlyWiki to launch applications by referencing them with file://, but I don't know if you can do it with an argument and, as I remember, modern browsers only let you link to file:// from a page that's already loaded via file:// to explicitly prevent that kind of exploit.

In theory, it can be used in ways similar to what made ActiveX such a security nightmare.


Modern browsers are all designed to expressly prohibit the kind of action you are trying to perform--namely running some arbitrary binary on the client machine. There is no way to accomplish that short of taking advantage of some security hole.

If you write a custom Chrome Extension or Firefox addon and get the user to download and install it, then maybe you can do something like that, but even extensions/addons are kept in a very tightly controlled sandbox by the browser to keep the client machine safe.

0

精彩评论

暂无评论...
验证码 换一张
取 消