03 April 2007

AJAX Exploit

Written by Richard Leggett (

)
Published on April 3rd, 2007 @ 02:57:55 am, using 67 words, 783 views

Categories: News, General

Just got sent this by Rick Williams...

Security researchers have found what they say is an entirely new kind of web-based attack, and it only targets the Ajax applications so beloved of the 'Web 2.0' movement.

Vulnerable frameworks include: Microsoft ASP.NET AJAX (aka. Atlas), XAJAX and Google Web Toolkit, Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit.

Read the full story here.

Permanent Link 2 comments

Comments, Pingbacks:

Comment from: Keith

haha, no one is safe!! Have you seen this: https://addons.mozilla.org/en-US/firefox/addon/966

Very useful for developing web apps, and like all good things, potentially dangerous in the wrong hands

Permalink 03/04/07 @ 08:58

Comment from: Richard Leggett [Member]

Hi Keith,

A lot of people I know use Tamper, but I prefer Charles (great great app!), ServiceCapture is also good.

I've been doing an awful lot of JavaScript+XML loading recently (*shudders*), and without Firebug (a truly amazing Firefox plugin) I think things would be a lot worse.

The requirements for more visually exciting things are really starting to strain poor JavaScript 1.5 and the chewing gum and sticky tape approaches that are widely accepted.

Permalink 03/04/07 @ 10:02

Comments are closed for this post.

About

Richard Leggett is an RIA and Web Developer, company site coming soon. He is co-author of Foundation Flash Applications for Mobile Devices (Friends of ED), an Adobe Community Expert and speaker at industry conferences and user groups.