JavaScript hijacking

JavaScript hijacking allows a hacker to gain access to data through a loophole in which an interactive Web site on a given domain can run JavaScript hosted on a different domain. For example, in a Web-based e-mail application that uses Ajax, an attacker can log in as the legitimate user. All of the contents of the e-mail inbox and address book then become available to the hacker. In addition, the hacker may send bogus e-mail messages in the name of the victim.

Ajax is a method of building interactive Web applications by combining several programming tools including JavaScript, which can cause a linked-to page to appear (or fail to appear) in a pop-up, hide the status bar, change text in the status bar, change text or graphics within a Web page, create new cookies, change existing cookies or read existing cookies. JavaScript code can be embedded in HTML and interpreted by the Web browser. Ajax is convenient because it allows the content on a Web page to update immediately when a user performs an action.

Read more about JavaScript hijacking: - Fortify Software warns that Web 2.0 applications are vulnerable to JavaScript hijacking. - Fortify Software answers technical questions about JavaScript hijacking. - A Slashdot article reports that 'AJAX may be considered harmful.' - SearchSecurity.com has more information about the critical flaw in Web 2.0 and Ajax.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Application and Platform Security,   Web Security Tools and Best Practices,   Web Application Security,   Web Browser Security,   Information Security Threats,   Emerging Information Security Threats,   Application Attacks (Buffer Overflows, Cross-Site Scripting),   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT nCircle statistics show rising Web application vulnerabilities The number of Web application vulnerabilities detected by the vendor is on track to exceed 2008, according to the latest statistics. Twitter bugs, DNSSEC and broswer security In this podcast, Amit Klein, founder and CTO of Trusteer talks about the latest Twitter threats, browser maker response to phishing and other attacks... Month of Twitter Bugs project to document Twitter flaws Security researcher Aviv Raff will document a number of cross-site scripting (XSS) flaws and other errors threatening Twitter users.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anonymous Web surfing  (SearchSecurity.com) buffer overflow  (SearchSecurity.com)