Re: [SC-L] JavaScript Hijacking

2007-04-19 Thread Brian Chess
Frederik De Keukelaere [EMAIL PROTECTED] writes: Would you mind sharing the different data formats you came across for exchanging data in mashups/Web 2.0? Considering the challenges you recently discovered, it might be good to have such an overview to look at it from a security point of view.

Re: [SC-L] JavaScript Hijacking

2007-04-06 Thread Frederik De Keukelaere
Hi Brian, Hi Stefano, snip Ok I see the difference. You are taking advantage of a pure json CSRF with a evil script which contains a modified version of the Object prototype. And when the callback function is executed you use a XMLHttpRequest in order to send the information extracted by

Re: [SC-L] JavaScript Hijacking

2007-04-03 Thread Stefano Di Paola
Hi Brian, Il giorno lun, 02/04/2007 alle 12.13 -0700, Brian Chess ha scritto: Hi Stefano, Yes, we are aware of your paper, but we intentionally chose to omit the reference because we are quite snobby. I'm joking! :DD lol The difference between what you discuss and JavaScript Hijacking is

Re: [SC-L] JavaScript Hijacking

2007-04-02 Thread Stefano Di Paola
Brian, i don't know if you read it but me and Giorgio Fedon presented a paper named Subverting Ajax at 23rd CCC Congress. (4th section XSS Prototype Hijacking) http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf It described a technique called Prototype Hijacking,

Re: [SC-L] JavaScript Hijacking

2007-04-02 Thread Brian Chess
Paola [EMAIL PROTECTED] Date: Mon, 02 Apr 2007 11:11:24 +0200 To: sc-l@securecoding.org sc-l@securecoding.org Cc: Brian Chess [EMAIL PROTECTED] Subject: Re: [SC-L] JavaScript Hijacking Brian, i don't know if you read it but me and Giorgio Fedon presented a paper named Subverting Ajax at 23rd