‘Hidden Property Abusing’ Allows Attacks on Node.js Applications

A team made up of security researchers from the Georgia Institute of Technology has found a way to exploit Node.js applications by manipulating the hidden properties used to track internal program states, the group plans to announce at the virtual Black Hat USA security conference next week. The novel attack technique, dubbed Hidden Property Abusing, allows a remote attacker to inject new values into Node.js programs through passing objects that the framework, under the right circumstances, will treat as internal data.

Read full article on Dark Reading: Cloud

 


Date:

Categorie(s):