I am migrating from programming to ‘web programming’, so this may sound too basic.
My question is about an HTTP request that is answered by the “victim site” with some “non-public/sensitive” information as HTML, XML or JSON.
And the victim site is just relying on session cookies for authentication before responding with “non-public” info to the HTTP request.
If the hacker’s site has JS that makes an AJAX HTTP request to the “victim site”, and the user is already logged in to the “victim site” and hence has a cookie for the victim site in the browser, will the AJAX request be answered by the “victim server”, and if so, can the hacker’s JS post this “non-public” info back to the hacker’s site?
How would one prevent this?
You cannot make a request through AJAX to a domain other than the one where the JS with the AJAX is being executed.
If the victim’s site is example.com and the hacker’s site is example2.com, then a JS file from example2.com can’t make an AJAX request to a site other than example2. The cookies from the victim’s server that the client has won’t be sent to the hacker’s server in an HTTP request. The cookies can be stolen if the victim’s site has an XSS that can be exploited to send the cookies from that site to hackers.
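
The same-origin restriction discussed in this thread, as an added example that is not part of the original posts: a simplified model of how a browser decides whether a script may read a response, including the CORS response headers through which a site can opt in to cross-origin reads. The function name, URLs paths and header sets are constructed for illustration.

```javascript
// Simplified model of the browser's read check (the Fetch standard's "CORS check").
// It covers only whether a script may READ the response body.
// URLs and header values below are constructed sample input.

// Serialized origin (scheme://host[:port]) of a URL.
function originOf(url) {
  return new URL(url).origin;
}

// Can a script running on `pageUrl` read the response from `requestUrl`?
// `withCredentials` is true when cookies are attached to the request.
// `responseHeaders` is a plain object with lower-case header names.
function canScriptReadResponse(pageUrl, requestUrl, withCredentials, responseHeaders) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === originOf(requestUrl)) return true; // same origin: readable

  const allowOrigin = responseHeaders["access-control-allow-origin"];
  if (allowOrigin === undefined) return false; // no opt-in: hidden from the script

  // The wildcard only covers requests sent without cookies.
  if (allowOrigin === "*") return !withCredentials;
  if (allowOrigin !== pageOrigin) return false;
  if (!withCredentials) return true;

  // With cookies attached, the server must also send this exact value.
  return responseHeaders["access-control-allow-credentials"] === "true";
}

const victimUrl = "https://example.com/account.json";
const otherPage = "https://example2.com/index.html";
const cases = [
  ["no CORS headers (default)", {}],
  ["wildcard origin", { "access-control-allow-origin": "*" }],
  // The setting a site must not send for origins it does not trust:
  ["names example2.com and allows credentials", {
    "access-control-allow-origin": "https://example2.com",
    "access-control-allow-credentials": "true",
  }],
];
for (const [label, headers] of cases) {
  console.log(label, "->", canScriptReadResponse(otherPage, victimUrl, true, headers));
}
```

Only the last case lets the other origin's script read a cookie-authenticated response, so a site serving non-public data should never echo arbitrary origins together with `Access-Control-Allow-Credentials: true`.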