Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables, and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
CSRF and JavaScript 2
Posted by: goodwinster
Date: March 22, 2007 12:41PM

Has anyone seen Joe Walker's blog post on CSRF possibilities in JavaScript 2 yet? If so, what do you think?

Re: CSRF and JavaScript 2
Posted by: rsnake
Date: March 22, 2007 01:51PM

I read it and I really don't think it makes sense. If you can put JavaScript on a page you get CSRF for free. Why would you have to overload operators?

- RSnake
Gotta love it. http://ha.ckers.org

Re: CSRF and JavaScript 2
Posted by: goodwinster
Date: March 22, 2007 02:07PM

Because of the *read* data that's fetched from a forged request: at the moment, you have to have it returned as JSON or valid JavaScript. If you can force the interpreter to see HTML / XML as valid JS, you can read anything.

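An added example, not from this thread or from any of its posters, of the condition goodwinster describes: a response body can only be read through a cross-origin script inclusion if it parses as JavaScript, and the usual server-side mitigation is to prefix the JSON so it no longer does. The sample data, the `GUARD` prefix value and the function names are constructed for the demo.

```javascript
// Constructed sample: the kind of session-bound data an API might return.
const SENSITIVE = [{ user: "alice", email: "alice@example.test" }];

// Does a response body parse as a standalone JavaScript program?
// A <script src="..."> tag executes its body as exactly that, so a body
// that parses here meets the "must be valid JavaScript" condition the
// thread discusses. Parse only; the body is never executed.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Server side: prepend a prefix that is a guaranteed syntax error so the
// body cannot be consumed as a script. The prefix is an assumption for
// this demo; any prefix that never parses as JavaScript would do.
const GUARD = ")]}',\n";
function serializeGuarded(data) {
  return GUARD + JSON.stringify(data);
}

// Client side (same origin, via XMLHttpRequest/fetch): verify and strip the
// prefix, then parse the JSON normally.
function parseGuarded(body) {
  if (!body.startsWith(GUARD)) {
    throw new Error("missing anti-hijacking prefix");
  }
  return JSON.parse(body.slice(GUARD.length));
}

// Compare a naive JSON array response with the guarded form.
function demo() {
  const naive = JSON.stringify(SENSITIVE);
  const guarded = serializeGuarded(SENSITIVE);
  return {
    naiveReadableAsScript: parsesAsScript(naive),      // true: array literal
    guardedReadableAsScript: parsesAsScript(guarded),  // false: syntax error
    legitimateClientGets: parseGuarded(guarded),
  };
}
```

Note that a top-level JSON object such as `{"user":"alice"}` already fails `parsesAsScript` on its own, because `{` starts a block statement; the array form is the one that needs the guard.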
Re: CSRF and JavaScript 2
Date: March 22, 2007 04:02PM

Link? I'd like enlightenment in this area of focus.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: CSRF and JavaScript 2
Posted by: Anonymous User
Date: March 22, 2007 05:17PM

The enlightening link:

http://getahead.org/blog/joe/2007/03/22/operator_overloading_in_javascript_2_and_a_potential_monster_csrf_hole.html

I haven't read the details yet, but if it were possible to map any included resource into a variable, it would be a security nightmare.
Edited 1 time(s). Last edit at 03/22/2007 05:19PM by .mario.

Re: CSRF and JavaScript 2
Posted by: rsnake
Date: March 22, 2007 06:14PM

That actually does make sense. If you use it to un-XMLify a document so that it is readable in JS space, that could be useful in a few different scenarios where certain strings cause exploits to fail if they are loaded in as XML. Hmmm

- RSnake
Gotta love it. http://ha.ckers.org
