On the harmfulness of JSON hijacking

Source: Internet
Author: User
Keywords Website security

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

A few days ago published a title "JavaScript Scripting Site security to beware of JSON hijacking" article, a lot of webmaster feedback that through the site security test found that their site may have a JSON hijacking problem, but it is not clear how much risk json hijacking will bring to the site. And I was negligent, the light focus on the technology, not to the risk of JSON hijacking explanation, here I will be in the Site Security Alliance certified Webmaster Exchange area for the content of the JSON hijacked the harm to communicate with you, what do not understand, can add group discussion 219365452.

There are probably several types of hazards that JSON hijacking can cause:

1, may cause the user authority to embezzle;

The attacker constructs a script that steals administrators or highly privileged users through JSON hijacking, and once accessed, permissions are immediately embezzled.

2, can be hijacked to the Web page to hang horse;

The JSON hijacking point construct leads to the vulnerability backdoor Trojan, but accesses the exploit directly using the bug batch Hanging horse.

3, can be hijacked page phishing;

Use JSON hijacking to direct the masquerade site address.

4, can do the right to attack;

5, Variant denial of service attacks;

After hijacking, the traffic is directed to the victim Web site, which directly launches the DDoS attack.

  

Is it a lot of harm? So you should fix the pages that have JSON hijacking as soon as possible, and how to fix the one I mentioned in the previous article.

Eesafe website Security Alliance original article

Reprint please indicate the original address in the form of link: http://www.eesafe.com/bbs/thread-1489-1-1.html

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.