[thelist] ajax, javascript libraries - security.

Matt Warden mwarden at gmail.com
Tue Apr 17 07:52:52 CDT 2007


Trevor,

On 4/17/07, trevor <trevor at intospace.ca> wrote:
> could you please shed some light about this too - the defensive concept to
> include a line of code such as: while(1) at the start of the json
> object, in order to throw an "evil observer's" computer into a loop.
>
> I don't get that. Because -- if the "legitimate" javascript knows enough
> to remove that line of code before implementing the object behaviour, then
> what is to stop the "evil observer" from simply inspecting the legitimate
> code, identifying the process to remove the while(1) statement, and then
> adding that removal process to their own "evil" observation code?

Take another read through the paper to understand the exploit better.
The exploit involves using a script tag to pull the JSON into the page
context of a malicious site. There is no opportunity to parse the
JavaScript that results. As such, surrounding the JSON with /* and */
or adding a while(1); before the definition of the JSON would both
defeat the exploit.

-- 
Matt Warden
Cleveland, OH, USA
http://mattwarden.com


This email proudly and graciously contributes to entropy.
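The two guards Matt describes, written out as an added example that is not part of the thread: a server-side helper that emits either the while(1); prefix or the /* */ wrapper, and the same-origin client routine that strips the guard before JSON.parse. All function names are hypothetical; the comment form also escapes a "*/" inside string values so the wrapper cannot be closed early.

```javascript
// Added example, not from the mailing-list thread. Demonstrates the guard
// against JSON hijacking through a cross-site <script src=...> include: a
// script tag can only *execute* the response, so a leading while(1); never
// lets execution reach the data, and a /* ... */ wrapper turns the whole
// response into a comment with no statements at all. The legitimate
// same-origin client reads the raw text via XHR and strips the guard.

const GUARD_LOOP = "while(1);";

// Server side: prefix a sensitive JSON payload with an infinite loop.
function guardWithLoop(data) {
  return GUARD_LOOP + JSON.stringify(data);
}

// Server side: wrap the payload in a block comment. JSON.stringify only
// emits "*/" inside string values, so escaping the slash there ("*\/" is
// valid JSON and still reads as "*/" after parsing) keeps the comment
// from being terminated early by attacker-influenced data.
function guardWithComment(data) {
  return "/*" + JSON.stringify(data).replace(/\*\//g, "*\\/") + "*/";
}

// Client side (same origin, raw text from XHR/fetch): strip whichever guard
// is present, then parse. An unguarded response is rejected so that a
// misconfigured endpoint is noticed instead of silently accepted.
function parseGuarded(text) {
  if (text.startsWith(GUARD_LOOP)) {
    return JSON.parse(text.slice(GUARD_LOOP.length));
  }
  if (text.startsWith("/*") && text.endsWith("*/")) {
    return JSON.parse(text.slice(2, -2));
  }
  throw new Error("response is missing the anti-hijacking guard");
}

// What a <script> include sees: evaluating the comment form runs no
// statements and yields nothing. (The while(1) form is not evaluated here
// because it would, by design, never return.)
function evaluateAsScript(body) {
  return new Function(body)();
}
```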

