|
| |
|
|
SerenityNet
Posts: 1372
Joined: 6/12/2001
From: Allen, TX, USA
Status: offline
 |
Contents of clipboard - 2/11/2005 7:55:37
How do I grab the contents of a visitor's clipboard and display it in a textarea?
Andrew
_____________________________
</Chaos, panic, & disorder - my work here is done.>
|
|
|
|
rdouglass
Posts: 9280
From: Biddeford, ME USA
Status: offline
|
RE: Contents of clipboard - 2/11/2005 10:01:01
This help any?
<form name="myForm" method="POST" action="--WEBBOT-SELF--">
<textarea name="myField"></textarea>
<input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2">
</form>
<script language="javascript">
var content = clipboardData.getData("Text");
document.forms["myForm"].elements["myField"].value = content;
</script>
_____________________________
Don't take you're eye off your final destination.
ASP Checkbox Function Tutorial.
| |
|
|
|
dpf
Posts: 7126
Joined: 11/12/2003
From: India-napolis
Status: offline
|
RE: Contents of clipboard - 2/11/2005 10:15:51
and this would require the users cooperation - I was hoping the answer wouldnt be that a site could just reach into my clipboard and grab it - can it?
_____________________________
Dan
| |
|
|
|
dpf
Posts: 7126
Joined: 11/12/2003
From: India-napolis
Status: offline
|
RE: Contents of clipboard - 2/11/2005 10:47:17
quote:
Actually it can grab (and this script does) without your intervention rdouglas: I can see that : var content = clipboardData.getData("Text");
document.forms["myForm"].elements["myField"].value = content;... puts my clickboard results into the textarea but..... it still requires me to click the submit button - doesnt it?????? that was what i meant by cooperation... omg wait - you mean you could put that ina hidden field and i would innocently complete other fields and hit submit - right???
_____________________________
Dan
| |
|
|
|
dpf
Posts: 7126
Joined: 11/12/2003
From: India-napolis
Status: offline
|
RE: Contents of clipboard - 2/11/2005 12:04:29
quote:
And No, I will NOT, absolutely NOT, post exactly how I did it. This is definitely an exploit but it's relatively easy to figure out. I certainly respect that! However, you know that it will drive me crazy all day ( and I doubt that "easy" are the same for you and me..lol) when you said go to "this page" ..do you mean this post page we are on? that totally baffles me - wow
_____________________________
Dan
| |
|
|
|
rdouglass
Posts: 9280
From: Biddeford, ME USA
Status: offline
|
RE: Contents of clipboard - 2/11/2005 13:27:43
Whoever just tried it, remember you need text on the clipboard for this particular test. I could build it for anything but I just did this one for text.....
The script thought the clipboard was empty if you're interested.
_____________________________
Don't take you're eye off your final destination.
ASP Checkbox Function Tutorial.
| |
|
|
|
dzirkelb1
Posts: 1315
Joined: 10/5/2004
From: Cedar Rapids, Iowa
Status: offline
|
RE: Contents of clipboard - 2/11/2005 13:53:10
That is definately, extremely scary...especially that the page is an insurance page!!
Imagine some rogue hacker out there placing some sort of redirect scheme on a page that google picks up....like, someone rigging it so they search for visa or something, the first result is the hacker page that makes it look like it goes to visa.com or something (and it does after it copies your clipboard and sends them an email with the contents)
Yeek!
| |
|
|
|
dpf
Posts: 7126
Joined: 11/12/2003
From: India-napolis
Status: offline
|
RE: Contents of clipboard - 2/11/2005 13:57:21
quote:
rogue well now that you mention it - look at rdouglass' hair - if that isnt rogueish, I am the Queen of Scotland
_____________________________
Dan
| |
|
|
|
dpf
Posts: 7126
Joined: 11/12/2003
From: India-napolis
Status: offline
|
RE: Contents of clipboard - 2/11/2005 14:07:44
quote:
Define "rogue". I could omit the g and you would be a roue..lol
_____________________________
Dan
| |
|
|
|
rdouglass
Posts: 9280
From: Biddeford, ME USA
Status: offline
|
RE: Contents of clipboard - 2/11/2005 14:21:21
2 more clipboard contents:
1. Roger: this is dan fitzgerald from outfront - dpf
2. for you and me..lol) when
Unless someone objects, I'm now removing it from action.
_____________________________
Don't take you're eye off your final destination.
ASP Checkbox Function Tutorial.
| |
|
|
|
SerenityNet
Posts: 1372
Joined: 6/12/2001
From: Allen, TX, USA
Status: offline
|
RE: Contents of clipboard - 2/11/2005 14:31:45
Thanks Roger. This is exactly what I was looking to find. I ran across the capability a couple of months ago on some security site. Obvioulsy I immediately quit copying and pasting my passwords and such sensitive information, and I close my browser between sites. I don't recall the site right now, but I'll look it up and post it when I get home tonight.
The reason I asked the question is that I'm slowly building a tool that displays the page's "environment". It reports on active session variables, server variables, server e-mail components installed, the user's IP, the user's geographical location, http header, referring page, URL's visited during session, and (of course) user's clipboard contents. I started the tool, just wanting to get variables, but then it just kind of grew to "what kind of information can I pull about the site and user?"
Thanks again.
Andrew
_____________________________
</Chaos, panic, & disorder - my work here is done.>
| |
|
|
|
SerenityNet
Posts: 1372
Joined: 6/12/2001
From: Allen, TX, USA
Status: offline
|
RE: Contents of clipboard - 2/11/2005 20:06:02
Here you go...
Examples of information that can be pulled from your sessions...
ZoneAlarm
_____________________________
</Chaos, panic, & disorder - my work here is done.>
| |
|
|
|
jeepless
Posts: 226
Joined: 12/20/2003
From: Smack in the middle of USA
Status: offline
|
RE: Contents of clipboard - 2/12/2005 9:26:59
quote:
Whoever just tried it, remember you need text on the clipboard for this particular test. I could build it for anything but I just did this one for text.....
The script thought the clipboard was empty if you're interested.
rdouglas: That may have been me trying out your "1.asp" page to see if it could read the contents of my clipboard. I went to your page right after you posted the link and I did have some text copied to the clipboard. However I later went to the "ZoneAlarm" pivacy test page posted by SerenityNet and it reported that I was "not vulnerable against this threat". So it would appear that Zone Alarm (which I run on all my machines) is effective at blocking the exploit you used. I guess that's why you didn't get my clipboard contents if I was indeed the one you were reporting on.
Nontheless, your code was a very enlightening example of what can be grabbed from a user when simply browsing a web page. In fact it's a bit scary....
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
Put it on a page and try it out. I can put similar code with a hidden form and send your clipboard to a CGI (or whatever) without you even knowing it unless you have JavaScript turned off.
You don't even have to click ANYTHING? 
