A while ago a colleague of mine said something astonishing to me: he said that one can format a hard drive using JavaScript! I just replied 'no, this is impossible'. He seemed to be very confident, however, although he also mentioned that this is possible for Windows only... Since then I can't give up thinking about it, but I haven't found any opportunity to perform this kind of hack... I tend to think that he was just kidding, and I want to prove this. But still, I can't give up these 'what if?' questions emerging in my head... Does anyone have any ideas?

+5  A: 

Given JScript, running under WSH, with sufficient rights, you can, IIRC, call just about any function you like.

You can't do that from inside a browser, though; they sandbox all the JavaScript.

David Dorward
Not without a working exploit at least. And those tend to be rare these days.
Joey
+1 - in much the same way that you can do it using the Windows Script Host and VBScript
Russ Cam
A: 

Generally this would not be possible from a web page because there are security precautions in place to prevent scripts from untrusted sources having inappropriate access. However, JavaScript JIT compilers (like in Chrome/Chromium and Opera), and interpreters (like in Firefox and IE) are very complex pieces of software. Many of them have flaws. Start by understanding specific flaws:

http://en.wikipedia.org/wiki/Buffer_overflow
http://en.wikipedia.org/wiki/Cross-site_scripting

Of course, if you find any you should responsibly disclose them to the software vendor. Google and the Mozilla Foundation both give out rewards for such finds.

Sqeaky