Whole Network AJAX Basics conference E-Commerce Monthly Contest Programming Security

 

JavaScript hijacking can hijack web browser session

Filed in archive Security by gautam on April 2, 2007

javascript hijacking.gif
JavaScript vulnerability has been reported by Fortify which enables to hack IE or Mozilla web browser session. Dubbed as JavaScript hijacking the vulnerability can be exploited in Web 2.0 applications using AJAX or Microsoft Atlas or GWT and other open source tools. The security vendor has the specific attack code and along with an advice as to how the vulnerability can be corrected.

Brian Chess, Chief scientist, Fortify stated:

Fortify has identified JavaScript hijacking attack code to exploit the Microsoft browser as well, but is refraining from currently making that publicly available. We figured out how this attack is possible and we need to educate software developers on it.


The security vendor has recommended that all programs communicating using JavaScript should take defensive steps such as session identifiers as part of each request returning JavaScript. This would entirely defeat the purpose of forgery attacks. Check the advisory issued by Fortify out here.







Permalink: JavaScript hijacking can hijack web browser session
Tags: javascript  hijacking  java  javascript  vulnerability  ajax  javascript+hijacking  browser+session 

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/61253





RSSrss   | See all blog subscribe options
Google google   |   What is RSS?
Yahoo! yahoo
Addthis Subscribe using any feed reader!
Bloglines Bloglines
Newsletter
Grouptivity

Use the search to look for other interesting posts



 
  • Advertise with us

  • Learn more about our advertising options or email advertising - at - creative-weblogging.com or give us a call at +1 (650) 331 4900.


  • Testimonials

  • 'Great looking blog. Good quality posts with useful information.'


  • Other blogs in the same channel in the Creative Weblogging Network







 

Tagcloud: AJAX Application Development Awards Basics Business conference E-Commerce Management Mobile Devices mobile phones Monthly Contest Personal Programming Security Service Oriented Architectures Sponsored Posts updates Web Services