JavaScript hijacking
Alternatively referred to as JSON hijacking, JavaScript hijacking is an attack in which potentially sensitive or private information is obtained from a user by exploiting the use of JSON (JavaScript Object Notation) on another web site. Attackers intercept the information from another web site by running the script from their own web sites and capturing the JSON data before it is sent back the original web site.
This is possible when a web browser has a loophole in its Single Origin Policy that allows a JavaScript program to be run on a different web site using a <script> tag pointing to the script at the original web site. The JSON data retrieved from the script is hijacked before being sent back to the original web site, giving an attacker any information that was sent through JSON via the script.
- More information on this type of attack can be found on the Vulnerapedia web site.
Also see: Hijack, JavaScript, Security definitions