Secure Coding mailing list archives
JavaScript Hijacking
From: EB41704 at jp.ibm.com (Frederik De Keukelaere)
Date: Fri, 6 Apr 2007 11:32:33 +0900
Hi Brian, Hi Stefano, <snip>
Ok I see the difference. You are taking advantage of a pure JSON CSRF with an evil script which contains a modified version of the Object prototype. And when the callback function is executed you use an XMLHttpRequest in order to send the information extracted by the instantiated object.
In the beginning of the paper there was a comment that the code that was presented was designed for use in Firefox but could be ported to IE or other browsers. However, since IE does not seem to have the setter methods (correct me if I am wrong), I did not quite find a way to achieve this in IE. We tried several things, such as replacing the Array and Object constructors as well as overriding eval, neither of which worked. Do you have any suggestions about how to port this attack to IE?

Btw, thanks for the papers.

Kind Regards,
Fred

---
Frederik De Keukelaere, Ph.D.
Post-Doc Researcher
IBM Research, Tokyo Research Laboratory