Giter VIP home page Giter VIP logo

Comments (4)

parves272 avatar parves272 commented on July 20, 2024 1

IDM350 added a commit to IDM350/socket.io-computer that referenced this issue on Aug 5, 2015
Control mouse and keyboard access on server side (#8)

Not working with last updated files > delegated.js | emu.js | io.js | turn.js

node io.js
(getting error)

/var/www/html/socket.io-computer/delegated.js:27
module.exports = delegatedListeners;
^^^^^^
SyntaxError: Unexpected identifier
at Module._compile (module.js:439:25)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Module.require (module.js:364:17)
at require (module.js:380:17)
at Object. (/var/www/html/socket.io-computer/io.js:19:26)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)

can you help me out to works? and how?

from socket.io-computer.

yoshiandmario1 avatar yoshiandmario1 commented on July 20, 2024

You can also send QEMU commands using a line less that's less then 17 characters. This can be very abusive, especially if one constantly sends a reset command to the system... I found this from looking at the code for 5 minutes. Cool application, but get some security on this.

from socket.io-computer.

libjared avatar libjared commented on July 20, 2024

As an example, when the client sends

io.emit("keydown", "\nreset_system");

the VM will reset. I think the QEMU keycode conversion should be done on
the server, or at least scrubbed to contain only valid sendkey stuff.
@yoshiandmario1 's and this issue are different vulnerabilities, but
they're closely related in that the clients are making more decisions than
they should.

On Wed, Mar 25, 2015 at 2:30 AM, yoshiandmario1 [email protected]
wrote:

You can also send QEMU commands using a line less that's less then 17
characters. This can be very abusive, especially if one constantly sends a
reset command to the system... I found this from looking at the code for 5
minutes. Cool application, but get some security on this.


Reply to this email directly or view it on GitHub
#8 (comment)
.

from socket.io-computer.

fb39ca4 avatar fb39ca4 commented on July 20, 2024

Not to mention there are QEMU monitor commands to dump a portion of the VM's memory to a file. You can write an arbitrary file to the server this way if you load its contents to a known memory location in the guest operating system.

from socket.io-computer.

Related Issues (10)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.