Software and web application security

April 4, 2007

Fortify JavaScript Hijacking Vulnerability Detected

Filed under: web, web apps — chrisweber @ 2:47 pm

A rather scary issue: evil.com can redefine JavaScript constructs such as the fundamental Object, which means evil.com can change the AJAX/JSON behavior of scripts loaded from good.com.

http://www.fortifysoftware.com/advisory.jsp

ScottGu from Microsoft responds on why ASP.NET AJAX is not as vulnerable to this issue. It doesn't look like the best solution (basically the server requires the HTTP header Content-Type: application/json on the request and ignores requests that lack it).

http://weblogs.asp.net/scottgu/archive/2007/04/04/json-hijacking-and-how-asp-net-ajax-1-0-mitigates-these-attacks.aspx
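As an added example (my own code, not from the post, from Fortify, or from ASP.NET AJAX itself), here is a Node.js request handler implementing the mitigation ScottGu describes: the server returns JSON only when the request carries Content-Type: application/json. The header sets, the sample data and the handler names are constructed for the demo. The point of the check is that a cross-site `<script src=...>` include, the vehicle for JavaScript hijacking, is sent by the browser as a plain GET with no Content-Type, while good.com's own XMLHttpRequest calls can set that header.

```javascript
'use strict';

// Constructed sample data standing in for a per-user JSON resource that
// good.com returns to its own pages over XMLHttpRequest.
const PRIVATE_DATA = { account: 'alice', balance: 1234 };

// True when the request carries Content-Type: application/json, with or
// without parameters such as "; charset=utf-8". Header names are expected
// lower-cased, as Node's http module delivers them.
function hasJsonContentType(headers) {
  const ct = headers['content-type'];
  if (typeof ct !== 'string') return false;
  const mediaType = ct.split(';')[0].trim().toLowerCase();
  return mediaType === 'application/json';
}

// The mitigation: serve the JSON only when the request could have come from
// script that is allowed to set request headers (XMLHttpRequest on good.com's
// own origin). A cross-site <script src=...> include is a plain GET that the
// browser sends without a Content-Type, so it is refused.
function handleJsonRequest(headers) {
  if (!hasJsonContentType(headers)) {
    return {
      status: 400,
      body: JSON.stringify({ error: 'Content-Type: application/json is required' }),
    };
  }
  return { status: 200, body: JSON.stringify(PRIVATE_DATA) };
}

// Two constructed request header sets: what good.com's own XHR sends, and
// what a browser sends for a <script> tag on evil.com pointing at the same
// URL. The user's good.com cookies would accompany both; only the headers
// differ, which is what the check relies on.
const XHR_HEADERS = {
  'content-type': 'application/json; charset=utf-8',
  accept: 'application/json',
};
const SCRIPT_TAG_HEADERS = {
  accept: '*/*',
  referer: 'http://evil.com/',
};

// Runs both requests through the handler and returns the two decisions.
function demo() {
  return {
    xhr: handleJsonRequest(XHR_HEADERS),
    scriptTag: handleJsonRequest(SCRIPT_TAG_HEADERS),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with node. The check works because a `<script>` tag cannot add request headers, so the header distinguishes good.com's XHR from the cross-site include. It offers no protection once attacker script already runs on good.com's own origin (for example via XSS), since that script can set any header it likes.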
