JSON Hijacking and How ASP.NET AJAX 1.0 Avoids these Attacks
posted by iisguy (28) 14 months ago (weblogs.asp.net)
Security researchers have recently issued reports describing ways hackers can use the JSON wire format, which most popular AJAX frameworks rely on, to try to exploit cross-domain scripts within browsers. Specifically, these attacks use HTTP GET requests invoked via an HTML include element to circumvent the "same origin policy" enforced by browsers (which limits JavaScript objects like XMLHttpRequest to calling only URLs on the same domain that the page was loaded from), and then look for ways to exploit the JSON payload content.
ASP.NET AJAX 1.0 includes a number of defau



