
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

attackForm.submit();



With this attack, any user who is lured to the attacker's site will be dismayed to find
that his personal profile on GoatFriends has been defaced, and that hundreds of his
online friends are now referring to him as "Stinky McStinkypants." This is a social
disaster from which few Internet denizens could recover.
CSRF in a Web 2.0 World: JavaScript Hijacking
Popularity: 6
Simplicity: 4
Impact: 9
Risk Rating: 7
The attacks described so far have been effective against applications dating back to
the beginning of the World Wide Web, and they work unmodified in many AJAX-based
applications. Another interesting issue affects only newer applications: cross-domain
JavaScript stealing.
Now Coming Downstream: JavaScript
The traditional format of data returned to web browsers after an HTTP request is HTML,
which may contain JavaScript, links to images and objects, and may define a completely
new web page for the browser to render. In an AJAX application, JavaScript running
from an initial page makes many small HTTP requests and receives data that is parsed
and used to update only the portion of the web page that needs to change, instead of the
entire application.

