A few days ago I published an article titled "JavaScript Scripting Site Security: Beware of JSON Hijacking". Many webmasters replied that a site security test had shown their sites may have a JSON hijacking problem, but that it was not clear how much risk JSON hijacking brings to a site. That was my oversight: I focused only on the technique and did not explain the risks. Here, in the Site Security Alliance certified webmaster exchange area, I will go through the harm JSON hijacking can do. If anything is unclear, you can join discussion group 219365452.
JSON hijacking can cause roughly the following types of harm:
1. User privileges may be stolen;
The attacker constructs a script that uses JSON hijacking to steal the privileges of administrators or other highly privileged users; once the script is accessed, those privileges are taken over immediately.
2. The hijacked web page can be used to plant a web Trojan;
The JSON hijacking point is used to introduce a backdoor Trojan, and the vulnerability is then used directly to plant Trojans on pages in batches.
3. The hijacked page can be used for phishing;
JSON hijacking is used to direct users to the address of a masquerading site.
4. It can be used for privilege escalation attacks;
5. Variant denial-of-service attacks;
After hijacking, the traffic is directed to the victim web site, directly launching a DDoS attack on it.
Is that a lot of harm? You should therefore fix pages affected by JSON hijacking as soon as possible; how to fix them is covered in my previous article.
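The following is an added example, not code from the original article or from EeSafe: a small check of the kind a site security test could run over a captured response from a cookie-authenticated JSON endpoint, flagging the traits that make the data readable through a cross-site script include. The exchange shape, the finding names and the sample responses are assumptions constructed for this example.

```javascript
// Added example: flags response traits that let a cross-site <script> include
// read a cookie-authenticated JSON endpoint. The exchange shape
// ({method, headers, body}) and finding names are assumptions of this example.
const GUARD_PREFIXES = [")]}'", "while(1);", "for(;;);"]; // unparseable prefixes

function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name);
  return key ? String(headers[key]).toLowerCase() : "";
}

function assessJsonHijackRisk(exchange) {
  const findings = [];
  const body = exchange.body.trim();
  const guarded = GUARD_PREFIXES.some(p => body.startsWith(p));

  // JSONP or "var x = {...}" is valid script, so any origin can load and read it.
  const wrapped = /^[\w$.]+\s*\(/.test(body) || /^(var|let|const)\s+[\w$]+\s*=/.test(body);
  if (!guarded && wrapped) findings.push("executable-wrapper");
  // A bare top-level array is a valid script; a bare object is a syntax error.
  if (!guarded && body.startsWith("[")) findings.push("top-level-array");
  // <script src> can only issue GET, so GET exposure makes the above reachable.
  if (findings.length > 0 && exchange.method.toUpperCase() === "GET") {
    findings.push("reachable-by-get");
  }
  if (!header(exchange.headers, "content-type").startsWith("application/json")) {
    findings.push("content-type-not-json");
  }
  if (header(exchange.headers, "x-content-type-options") !== "nosniff") {
    findings.push("missing-nosniff");
  }
  return findings;
}

// Constructed sample responses (not real traffic).
const strict = { "Content-Type": "application/json; charset=utf-8", "X-Content-Type-Options": "nosniff" };
const samples = {
  jsonp: { method: "GET", headers: { "Content-Type": "text/javascript" }, body: 'cb({"user":"admin","role":"superuser"})' },
  array: { method: "GET", headers: strict, body: '[{"id":1,"role":"admin"}]' },
  guarded: { method: "GET", headers: strict, body: ")]}'\n[{\"id\":1}]" },
  hardened: { method: "POST", headers: strict, body: '{"items":[{"id":1}]}' },
};
for (const [name, exchange] of Object.entries(samples)) {
  console.log(name, assessJsonHijackRisk(exchange));
}
```

An empty result only means none of these traits appeared in that one response; it does not show that the endpoint rejects cross-site requests.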
Original article by the EeSafe Website Security Alliance.
When reprinting, please cite the original address as a link: http://www.eesafe.com/bbs/thread-1489-1-1.html