AJAX and Prototype Hijacking: a fundamental design flaw in Javascript
01-07-2007, 03:52 PM,
Post: #1
Quote: After a quick overview of simple Cross Site Scripting attacks, the speech will focus on security aspects of Web 2.0 technologies, exploring unconventional and undisclosed attacking techniques. During the presentation we will show the next step in content/request hijacking and the next generation of client-side and server-side injection. Specifically, by applying advanced Javascript techniques like prototyping, we'll see how to hijack functions and objects in order to have transparent attacks without breaking javascript code in Ajax web pages. Moreover, non-trivial ways to attack web pages and inject code by taking advantage of other kinds of vulnerabilities in a cross domain environment will be shown. Finally, we will see how poor design choices in web browsers would lead to new kinds of attack vectors like UXSS through plugins and sandbox framework flaws.

http://events.ccc.de/congress/2006/Fahrp...02.en.html

Subverting AJAX whitepaper (PDF, 603K): http://events.ccc.de/congress/2006/Fahrp...g_Ajax.pdf
Even if a monkey wears a golden ring, it is and remains an ugly thing