JavaScript Hijacking
Short Description
JavaScript Hijacking allows an. unauthorized attacker to read confidential data from a vulnerable application using a technique …
Website: www.fortifysoftware.com | Filesize: 348kb
Content
JavaScript Hijacking
Brian Chess, Yekaterina Tsipenyuk O’Neil, Jacob West
{brian, katrina, jacob}@fortifysoftware.com
March 12, 2007
Summary
An increasing number of rich Web applications, often called Ajax applications, make use of
JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript
Hijacking, which allows an unauthorized party to read confidential data contained in JavaScript
messages. The attack works by using a
Comments
Leave a Reply
