MySeq (#SimplifyCybersecurity #EssentialSecurity)
Simplicity is the Ultimate Sophistication
Jul 21, 2009
JSON Hijacking
Tags: hijack, JSON
I've been introduced to this JSON Hijacking topic recently. It is a very nice write-up.
Basically, this vulnerability requires that you are exposing a JSON service which:
- Returns sensitive data with a JSON array.
- Responds to GET requests.

It also requires that the browser making the request:
- Has JavaScript enabled (very likely the case).
- Supports the __defineSetter__ method.
This type of attack seems similar to a variant of a Cross Site Request Forgery (CSRF) attack.
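The two server-side conditions listed above (a top-level JSON array, served over GET) can be checked and removed in the endpoint itself. The following is an added example, not code from the original post or the write-up it refers to; the function names, the `d` wrapper key and the sample data are assumptions made for illustration.

```javascript
// Added example: audit and harden a JSON endpoint against the
// server-side preconditions for JSON hijacking.
// All names and the "d" wrapper key are hypothetical.

// True when a response answers GET and its body is a top-level JSON array.
function meetsHijackPreconditions(method, body) {
  if (method.toUpperCase() !== "GET") return false;
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return false; // body is not JSON at all
  }
  return Array.isArray(parsed);
}

// Wrap a top-level array in an object. A bare {"d": ...} body is a
// syntax error when loaded as a script, unlike a bare array literal.
function wrapTopLevelArray(payload) {
  return Array.isArray(payload) ? { d: payload } : payload;
}

// Hardened handler logic: sensitive data is served only to POST,
// and never as a bare array.
function respondSensitive(method, payload) {
  if (method.toUpperCase() !== "POST") {
    return { status: 405, headers: { Allow: "POST" }, body: "" };
  }
  return {
    status: 200,
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(wrapTopLevelArray(payload)),
  };
}

// Constructed sample data, not from the original post.
const sampleAccounts = [{ id: 1, balance: 100 }, { id: 2, balance: 250 }];
const weakBody = JSON.stringify(sampleAccounts);
const hardened = respondSensitive("POST", sampleAccounts);

console.log("weak GET response at risk:", meetsHijackPreconditions("GET", weakBody));
console.log("hardened body:", hardened.body);
console.log("GET now refused with status:", respondSensitive("GET", sampleAccounts).status);
```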