MaximumASP
Social Bookmarking
Online Shopping
asp.net hosting
UK online local dating
| More
Recent News » JavaScript

Anatomy of a Subtle JSON Vulnerability

Posted by: youve been HAACKED, on 21 Nov 2008 | View original | Bookmarked: 0 time(s)

I recently learned about a very subtle potential security flaw when using JSON. While subtle, it was successfully demonstrated against GMail a while back. The post, JSON is not as safe as people think it is, covers it well, but I thought Id provide step-by-step coverage to help make it clear how the exploit works. The exploit combines Cross Site Request Forgery (CSRF) with a JSON Array hack allowing an evil site to grab sensitive user data from an unsuspecting user. The hack involves redefining the...

Advertisement
Free Agile Project Management Tool from Telerik
TeamPulse Community Edition helps your team effectively capture requirements, manage project plans, assign and track work, and most importantly, be continually connected with each other.
Category: JavaScript | Other Posts: View all posts by this blogger | Report as irrelevant | View bloggers stats | Views: 1237 | Hits: 39

Similar Posts

  • Native JSON Parsing: What does it mean? more
  • Back to CSV - Convert CSV text to Objects; via JSON more
  • Encrypt your AJAX traffic using Microsoft Silverlight and Ajax.NET Professional more
  • C# 4.0, Dynamic Programming and JSON more
  • DataTable JSON Serialization in JSON.NET and JavaScriptSerializer more
  • GeoRSS Editor alpha version is up and running more
  • JSON and Date Embedding more
  • JSONP for cross-site Callbacks more
  • XML Has Too Many Architecture Astronauts more
  • Updated: XML Has Too Many Architecture Astronauts more

News Categories

.NET | Agile | Ajax | Architecture | ASP.NET | BizTalk | C# | Certification | Data | DataGrid | DataSet | Debugger | DotNetNuke | Events | GridView | IIS | Indigo | JavaScript | Mobile | Mono | Patterns and Practices | Performance | Podcast | Refactor | Regex | Security | Sharepoint | Silverlight | Smart Client Applications | Software | SQL | VB.NET | Visual Studio | W3 | WCF | WinFx | WPF | WSE | XAML | XLinq | XML | XSD