AJAX Security


January 8, 2007

This is a pretty original technique to check whether you are logged in to known websites such as Google, Gmail, MySpace, Blogger, MSN, ... The method is pretty original and works on many websites, so it's something you should know and be...

January 7, 2007

Slashdotted today: a paper called Subverting AJAX [PDF] by Stefano Di Paola and Giorgio Fedon, presented at the 23rd Chaos Communication Congress. The document talks about next-generation vulnerabilities in Web 2.0 applications, innovative attack scenarios, Prototype Hijacking, UXSS, and...

October 14, 2006

SecurityFocus has a new article describing some techniques to assess Web 2.0 applications with Firefox: Discovering hidden calls, Crawling challenges and browser simulation, and Logic discovery & dissecting applications. There is no doubt that there is a great...

September 26, 2006

Chris Shiflett, one of the best-known PHP security experts, has a post about The Dangers of Cross-Domain Ajax with Flash as a continuation of the previous discussion on Cross-Domain AJAX insecurities. The issue for Cross-Domain Ajax with Flash remains...

June 5, 2006

Stefan Esser has found a critical security issue in DokuWiki. The bug allows remote PHP code injection through its AJAX spellchecking service. It is due to the /e modifier of preg_replace() that handles links that are embedded in the text and...

April 23, 2006

PAJAX is a framework that facilitates the creation of remote PHP objects in JavaScript. It uses AJAX techniques to communicate between JavaScript stub objects that execute in the browser and their counterpart implementation in PHP on the server. The framework...

April 9, 2006

SAJA is an open source AJAX implementation for PHP which focuses on security. SAJA allows you to create simple, intuitive, and maintainable AJAX applications, without the need to write any JavaScript. Using SAJA, you have to edit saja.functions.php and enter...

February 7, 2006

Eric Pascarello, the co-author of Ajax in Action, has been interviewed by Colleen Frye at SearchWebServices.com. We have already talked about the MySpace worm in October, and Eric has answered many questions concerning this worm, the need of security for...

October 14, 2005

MySpace is an online community, or better called a social network, where people can share photos, journals and interests. A worm called "samy is my hero" appeared on MySpace recently; it resulted in a guy called "Samy" making more than a million...

July 26, 2005

I don't have Internet Explorer to test it, but anakin pointed in his blog to a possible bug using XMLHttpRequest. Internet Explorer looks to hang if you send a utf-8 header in response to XMLHttpRequest(). The bug has been...