« New TED SiteBedale Group - Summary »
Apr 03

AJAX Exploit

News, General Add comments

Just got sent this by Rick Williams...

Security researchers have found what they say is an entirely new kind of web-based attack, and it only targets the Ajax applications so beloved of the 'Web 2.0' movement.

Vulnerable frameworks include: Microsoft ASP.NET AJAX (aka. Atlas), XAJAX and Google Web Toolkit, Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit.

Read the full story here.


2 comments

  1. § Keith said on : 03/04/07 @ 08:58
    haha, no one is safe!! Have you seen this: https://addons.mozilla.org/en-US/firefox/addon/966

    Very useful for developing web apps, and like all good things, potentially dangerous in the wrong hands

  2. § Richard Leggett® Email said on : 03/04/07 @ 10:02
    Hi Keith,

    A lot of people I know use Tamper, but I prefer Charles (great great app!), ServiceCapture is also good.

    I've been doing an awful lot of JavaScript+XML loading recently (*shudders*), and without Firebug (a truly amazing Firefox plugin) I think things would be a lot worse.

    The requirements for more visually exciting things are really starting to strain poor JavaScript 1.5 and the chewing gum and sticky tape approaches that are widely accepted.

Comments are closed for this post.

Contact. ©2010 by Richard Leggett. free blog / web hosting UK / FP.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.
Entries RSS Comments RSS Log in