JavaScript hijacking allows a hacker to gain access to data through a flaw in which an interactive website on one domain can execute JavaScript hosted on another domain. For example, in a Web-based e-mail application that uses Ajax, an attacker can pose as a legitimate user. The entire contents of the e-mail and address book can be made available to the hacker. In addition, the hacker can send fake e-mails on behalf of the victim.
Ajax is a method of building interactive Web applications by combining a number of programming tools, including JavaScript. JavaScript can cause a linked page to appear (or fail to appear) in a pop-up, hide the status bar, change the text in the status bar, change text or graphics in a Web page, create new cookies, and change or read existing cookies. It can be embedded in HTML and is interpreted by the web browser. Ajax is useful because it allows the contents of a Web page to update immediately when the user performs an action.
JavaScript hijacking is a technique that an attacker can use to impersonate a valid user and read sensitive data from a vulnerable web application, including one that uses Ajax (Asynchronous JavaScript and XML). Almost all the major Ajax applications were found to be vulnerable.
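
The cross-domain script inclusion described in the first paragraph can be refused on the server side. The sketch below is an added example, not code from the original page; the handler name, the `X-Request-Token` header, the guard prefix and the sample data are assumptions made for illustration.

```javascript
// Added example. All names (serveSensitiveJson, X-Request-Token, GUARD) are
// hypothetical and the request objects are constructed, not captured traffic.
const GUARD = "while(1);"; // makes the body useless if loaded as a script

// Compare tokens without exiting early on the first differing character.
function sameToken(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || !a || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide how to answer a request for sensitive JSON such as an address book.
// req: { method, headers, sessionToken } where sessionToken is the per-session
// secret the server issued to its own page (assumed to exist already).
function serveSensitiveJson(req, data) {
  const headers = {};
  for (const [k, v] of Object.entries(req.headers || {})) headers[k.toLowerCase()] = v;

  // A <script src> tag on another domain can only issue GET requests.
  if (req.method !== "POST") return { status: 405, body: "" };

  // A script tag cannot add custom headers, and the other domain cannot read
  // the token, so a session cookie alone never unlocks the data.
  if (!sameToken(headers["x-request-token"], req.sessionToken)) return { status: 403, body: "" };

  return {
    status: 200,
    headers: { "Content-Type": "application/json", "X-Content-Type-Options": "nosniff" },
    body: GUARD + JSON.stringify(data),
  };
}

// The application's own client strips the guard before parsing.
function parseGuarded(body) {
  if (!body.startsWith(GUARD)) throw new Error("missing guard prefix");
  return JSON.parse(body.slice(GUARD.length));
}

// Constructed demo: the site's own Ajax call versus a cross-domain script include.
const book = [{ name: "Alice", email: "alice@example.test" }];
const own = serveSensitiveJson(
  { method: "POST", headers: { "X-Request-Token": "t0k3n-constructed" }, sessionToken: "t0k3n-constructed" }, book);
const foreign = serveSensitiveJson({ method: "GET", headers: {}, sessionToken: "t0k3n-constructed" }, book);
console.log(own.status, parseGuarded(own.body), foreign.status);
```

Each layer works on its own: the method check and the token check stop the response from being produced for a cross-domain include, and the guard prefix keeps a response that does leak from being usable as a script.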
