|30 Jan 2010||#1|
| || |
Web Development Platform Hacking Tool to be released.
A technique used in Web application development platforms that provides a constant look-and-feel across multiple Web pages can potentially expose sensitive user data, such as credit-card numbers, according to researchers, who at next week's Black Hat DC will demonstrate a new class of vulnerabilities in Apache MyFaces, Sun Mojarra, and Microsoft ASP.NET. They will also release a tool that tests for the flaws.
The so-called "view state" technique in both the MyFaces and Mojarra frameworks can be exploited such that an attacker can view user data -- think username, password, and credit-card number -- that's temporarily stored on the server during a session. View state is basically a method for tracking changes to visual components on a Web page that lets the Web server update a Web page without moving from that page.
"This is a fairly complicated vulnerability," says David Byrne, senior security consultant with Trustwave's SpiderLabs. "View state is something most people have heard of, but they aren't familiar with its inner workings. The tool we're going to release will help reveal those inner workings."
|My System Specs|
|Similar help and support threads for2: Web Development Platform Hacking Tool to be released.|
|Free Tool to Encrypt DNS Requests Released for Windows||Software|
|HELP! Ex is hacking me!||System Security|
|Microsoft Releases New Windows Phone 7 Development Tool||News|
|Volume Activation Management Tool 2.0 released||News|
|Windows 7 File Sharing Tool Released||News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 10:42 PM.