java

JavaScript hijacking can hijack web browser session

Filed in archive Security by gautam on April 2, 2007

javascript hijacking.gif

JavaScript vulnerability has been reported by Fortify which enables to hack IE or Mozilla web browser session. Dubbed as JavaScript hijacking the vulnerability can be exploited in Web 2.0 applications using AJAX or Microsoft Atlas or GWT and other open source tools. The security vendor has the specific attack code and along with an advice as to how the vulnerability can be corrected.

Brian Chess, Chief scientist, Fortify stated:

Fortify has identified JavaScript hijacking attack code to exploit the Microsoft browser as well, but is refraining from currently making that publicly available. We figured out how this attack is possible and we need to educate software developers on it.

The security vendor has recommended that all programs communicating using JavaScript should take defensive steps such as session identifiers as part of each request returning JavaScript. This would entirely defeat the purpose of forgery attacks. Check the advisory issued by Fortify out here.

Related Entries:

Werte aus Flash an PHP und JavaScript senden - 14 January 2007
Browser-Spion - 10 April 2007
Die besten Tutorials zu PHP, CSS, JavaScript, DHTML, AJAX ..... - 07 April 2007
Microsoft Examination of JavaScript Has Standards Implicatio... - 12 November 2007
Skyfire Launches Mobile Browser with Flash, Ajax and Java Su... - 29 January 2008
JavaScript 测试：Firefox 3 性能大为提升 - 29 February 2008
JavaScript-Browser-Weiche - 23 April 2008

« HP gets Ajax tools in its... | Main | Vulnerability reported in... »

Permalink: JavaScript hijacking can hijack web browser session

Tags: javascript hijacking java javascript vulnerability ajax javascript+hijacking browser+session

Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/61253

Addthis

Ask

Blinklist

del.icio.us

Digg

Fark

Facebook

Google

Lycos

Ma.gnolia

Add this page to Mister Wong

Mr Wong

Netscape

Netvousz

Newsvine

Reddit

StumbleUpon

Slashdot

Tailrank

Technorati

Wink

Yahoo

Vote for JavaScript hijacking can hijack web browser session:

Currently 8.67/10
1
2
3
4
5
6
7
8
9
10

Rating: 8.67 out of 3 vote(s) cast.

Response from: anothr user

One new subscriber from Anothr Alerts:cw1925@gmail.com

Add your response to JavaScript hijacking can hijack web browser session:

Name: *

Email: (will never be shown)*

URL:

(* marked fields are required)

Notify me if more comments appear?

Subscribe to Java Entrepreneur newsletter? (Newsletters are sent out weekly).

Remember me

Security Code: *
(Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)

We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Share It

Use the search to look for other interesting posts

Popular posts from our other blogs:

RSS	See all blog subscribe options
Google	What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter
Twitter	Follow us on Twitter!

Tagcloud

Categories

Most popular

Archives

March 2010 (1)
February 2010 (8)
January 2010 (5)
December 2009 (4)
November 2009 (6)
October 2009 (6)
September 2009 (4)
More

Advertise with us

Interested in sponsoring this site? Learn more about all our advertising options or email advertising - at - creative-weblogging.com or give us a call at +1 (650) 331 4900.

Contributors (Last 90 days)

Donald Greg (1)
Jeff Goldman (12)
Creative Weblogging (4)

This site has 730 entries and is powered by Creative Weblogging since September 2005.

Recent Comments

Our Editors recommend

Disclaimer

Creative Commons License

Some of the contents of this site are protected Creative Weblogging Inc. 2004-2010.

Check out our Sponsored Blogs!

Business Computer Blog (UK)

Are you interested in writing a blog in our network?

See which positions are currently open.

Testimonials

'Great looking blog. Good quality posts with useful information.'

Other blogs in the same channel in the Creative Weblogging Network: Technology

BlogWealth

The CIO Weblog

HackITLinux

Googlestack

Nanotechbuzz

On Storage

P2P File Sharing

P2P File Sharing

The VoIP Weblog

The VoIP Weblog

About the company | Advertise with us | Disclaimer | Privacy Policy | Refund/Return Policy | Memcache Hosting | Domain Search | People Search | Breaking News | Gourmet Lunch

All Creative Weblogging sites are built in accordance with the Google Webmaster Guidelines and IAB guidelines.