How to break web applications.

I’m watching a video on my new iTouch about how to break web applications, and it presented the idea that JavaScript is the same as stack overflows, which are also the same as getting free phone calls by whistling a note into a payphone…
They're all examples of bad things happening when you intermingle code (javascript/return addresses/command tones) and data (html/arrays on the stack/your voice). I guess it’s sort of expensive to set up two connections for every connection, but that seems to be the only way to avoid stuff like this, which has apparently been happening for years.

I don’t think there’s a lot I can do with this new idea, but it seemed interesting, so I figured I’d record it for posterity.
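
The web-application case of mixing code and data, as an added example that is not part of the original post: the first renderer puts markup and user text in one string, the second keeps them as separate node types and lets only the serializer emit markup. All names and the sample comment are constructed for illustration, and `openedTags` is only a rough stand-in for a browser's HTML parser.

```javascript
// Constructed sample: a user comment. To the application it is data, but it
// contains characters an HTML parser treats as code.
const userComment = 'nice post <script>alert(1)</script>';

// In-band: markup (code) and the comment (data) share one string, so the
// parser cannot tell which characters the application wrote.
function renderInBand(comment) {
  return '<p>' + comment + '</p>';
}

// Separated: structure and user text are different node types. Text nodes
// can never open a tag because the serializer always escapes them.
function el(tag, children) { return { tag, children }; }
function text(value) { return { text: String(value) }; }

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeText(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

function serialize(node) {
  if ('text' in node) return escapeText(node.text);
  const inner = node.children.map(serialize).join('');
  return '<' + node.tag + '>' + inner + '</' + node.tag + '>';
}

function renderSeparated(comment) {
  return serialize(el('p', [text(comment)]));
}

// Hypothetical, minimal stand-in for a browser parser: list the element
// names that the markup would open.
function openedTags(html) {
  const matches = html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)[\s>]/g);
  return [...matches].map((m) => m[1].toLowerCase());
}

console.log(openedTags(renderInBand(userComment)));    // data became a tag
console.log(openedTags(renderSeparated(userComment))); // data stayed data
```

In a browser, assigning the comment to `textContent` gives the same separation as the second renderer, while `innerHTML` behaves like the first.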
