AJAX is scary

A few months back I was having a conversation with Jeremiah Grossman and he was talking about new interesting uses of AJAX and the security implications. If you recall, he is the one who figured out how to steal address information from Gmail using information stored in JavaScript (without using XSS). Anyway, to cut to the chase, while talking to him I set up a proxy to watch the communications over the wire for anything that seemed AJAXy that might contain sensitive information.

Within just a few minutes of normal surfing I found a really good example of information leakage that could prove to be a serious issue in the future. If you happen to use try this (I really suggest their beta site if you haven’t already tried it, it kicks Google’s maps’ ass). But anyway:

  1. log into Yahoo! first
  2. then go to this URL

Using some XSS tricks, it would be fairly easy to steal this information, assuming something else on that site were XSS-able. Not that this particular application is vulnerable, but I think it shows what is possible. This will become a bigger and bigger deal with time. Mark my words!
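The check described above (watching captured traffic for AJAX-style responses that carry sensitive data) is easy to automate on the auditing side. The following is an added example and not code from the original post or from any of the sites it mentions: it takes a handful of constructed (header, body) response pairs, decides which ones look like AJAX data (JSON or JavaScript content types, or a body that starts with a JSON bracket), and reports the key paths whose names or values look like personal information. The sample responses, the `SENSITIVE_KEYS` list and the email pattern are all assumptions made for the illustration.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample of captured HTTP responses as (headers, body) pairs.
# These are invented for the example; they are not real Yahoo! or Gmail traffic.
CAPTURED_RESPONSES: List[Tuple[Dict[str, str], str]] = [
    (
        {"Content-Type": "text/html; charset=utf-8"},
        "<html><body><h1>Welcome</h1></body></html>",
    ),
    (
        {"Content-Type": "application/json"},
        json.dumps({"user": {"name": "Example User",
                             "email": "user@example.com",
                             "home_address": "1 Example St"},
                    "results": []}),
    ),
    (
        {"Content-Type": "text/javascript"},
        'var contacts = [{"email":"friend@example.com"}]; renderMap(contacts);',
    ),
    (
        {"Content-Type": "application/json"},
        json.dumps({"tiles": [[1, 2], [3, 4]], "zoom": 12}),
    ),
]

# Key names an auditor would consider sensitive (assumed list, extend as needed).
SENSITIVE_KEYS = re.compile(r"(email|address|phone|ssn|password|token|session)", re.I)
# Rough email-address pattern for string values and raw JavaScript bodies.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def looks_ajaxy(headers: Dict[str, str], body: str) -> bool:
    """Heuristic: JSON/JS content types, or a body that starts like a JSON value."""
    ctype = headers.get("Content-Type", "").lower()
    if "json" in ctype or "javascript" in ctype:
        return True
    return body.lstrip()[:1] in ("{", "[")


def sensitive_paths(obj, path: str = "") -> List[str]:
    """Walk a decoded JSON value; return key paths whose name or value looks sensitive."""
    hits: List[str] = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            if SENSITIVE_KEYS.search(key) or (isinstance(value, str) and EMAIL_RE.search(value)):
                hits.append(here)
            hits.extend(sensitive_paths(value, here))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            hits.extend(sensitive_paths(value, f"{path}[{index}]"))
    return hits


def audit_response(headers: Dict[str, str], body: str) -> List[str]:
    """Return findings for one response; an empty list means nothing looked leaky."""
    if not looks_ajaxy(headers, body):
        return []
    try:
        decoded = json.loads(body)
    except ValueError:
        # JavaScript (not JSON) bodies: fall back to a regex over the raw text.
        return ["raw:email-like string"] if EMAIL_RE.search(body) else []
    return sensitive_paths(decoded)


def audit_all(responses: List[Tuple[Dict[str, str], str]]) -> List[Tuple[int, List[str]]]:
    """Run audit_response over every captured response and keep only the hits."""
    findings = []
    for index, (headers, body) in enumerate(responses):
        hits = audit_response(headers, body)
        if hits:
            findings.append((index, hits))
    return findings


if __name__ == "__main__":
    for index, hits in audit_all(CAPTURED_RESPONSES):
        print(f"response #{index}: {', '.join(hits)}")
```

Run against the constructed captures, responses #1 and #2 are flagged (an email and a home address inside JSON, and an email-like string inside a JavaScript body) while the HTML page and the map-tile JSON are not. Plugging the same `audit_response` into a real intercepting proxy is the point: any data that shows up in these findings is readable by anything that runs as script on that origin.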
