Ajax vulnerabilities : Free stock material / photo
Ajax vulnerabilities / Noah Sussman
| License | Creative Commons Attribution 2.1 |
|---|---|
| Description | This slide is from Danny Alan's talk on XSS. I've read about the various JavaScript remoting attacks, but it was impressive to actually watch him paste a simple script tag into an insecure form, then later (from a remote host) play back the compromised browser's session, including cookies, keys pressed (including passwords), all the HTML retrieved by the browser, and details about the browser's history. Another disturbing thought: JavaScript can talk to the Java VM via an applet. The Java VM knows the NAT address of the host machine on the internal network. If the router password and IP are known (most users leave these set to factory defaults) then JavaScript can fill out and submit any of the Web forms that control the router. So it's theoretically possible to compromise a router with JavaScript. The demo of Ajax XSS attacks and exploits had the best quote of the day, as well: "Oops! I accidentally hit the Back button and canceled my attack!" |
| Date taken | 2008-03-19 00:09:53 |
| Photographer | Noah Sussman, New York City, USA |
| Tags | |
| Location | |
| Camera | Canon PowerShot SD300, Canon |
| Exposure | 0.033 sec (1/30) |
| Maximum aperture | f/4.9 |
| Focal length | 10142.85714 dpi |

