Whole Network Most Recent TOP10 AJAX E-Commerce Programming Security

 

JavaScript hijacking can hijack web browser session

Filed in archive Security by gautam on April 02, 2007

javascript hijacking.gif
JavaScript vulnerability has been reported by Fortify which enables to hack IE or Mozilla web browser session. Dubbed as JavaScript hijacking the vulnerability can be exploited in Web 2.0 applications using AJAX or Microsoft Atlas or GWT and other open source tools. The security vendor has the specific attack code and along with an advice as to how the vulnerability can be corrected.

Brian Chess, Chief scientist, Fortify stated:

Fortify has identified JavaScript hijacking attack code to exploit the Microsoft browser as well, but is refraining from currently making that publicly available. We figured out how this attack is possible and we need to educate software developers on it.


The security vendor has recommended that all programs communicating using JavaScript should take defensive steps such as session identifiers as part of each request returning JavaScript. This would entirely defeat the purpose of forgery attacks. Check the advisory issued by Fortify out here.


Advertisement


Permalink: JavaScript hijacking can hijack web browser session
Tags: javascript  hijacking  java  javascript  vulnerability  ajax  javascript+hijacking  browser+session 

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/61253



Advertisement


Advertisement


CW ToolbarInstall
RSSrss   | See all blog subscribe options
Googlegoogle   |   What is RSS?
Yahoo!yahoo
AddthisAddThis Feed Button
BloglinesBloglines
Newsletter
Advertisement - Book yours here.

Use our search feature to look for other interesting posts

Just this blog Whole network
Advertisement -
Book yours here..


 
  • Security Cameras
  • Would you like to have a new interactive marketing channel for your company? Learn more about Sponsored Blogs with Creative Weblogging. See how we helped companies like Weblin and cellity reach their goals.
  • Would you like to reach millions of blog readers every day? See you banner on hundreds of blogs with TierOneAds? Stay in control measuring conversion in real time. Register now.
  • Would you like to make more money blogging? Use TierOneAds a new platform that allows you as a blogger to set your prices per impression. Register now.
  • Do you have a blog with more than 50k page views from the US? Let us market your blog and earn great fix payments and bonuses.
  • Would you like to see your text link here? Let us know!
Advertisement
Book yours here.



  • Testimonials

  • 'Great looking blog. Good quality posts with useful information.'
  • Other blogs in the same channel in the Creative Weblogging Network

Advertisement -
Book yours here..






Advertisement - Book yours here..
 
Tagcloud: AJAX Application Development Awards Basics Business conference E-Commerce Management Mobile Devices mobile phones Monthly Contest Personal Programming Security Service Oriented Architectures Sponsored Posts updates Web Services