having fun with code

Tag Archives: security

Interesting JSON vulnerability (old stuff)

Somebody at work passed along this article about an interesting vulnerability in web APIs that use JSON. The exploit combines Cross-Site Request Forgery (CSRF) with a JSON Array hack, allowing an evil site to grab sensitive user data from an unsuspecting user. The hack involves redefining the Array constructor, which is totally legal in JavaScript. http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx [...]

About the blog

This is a blog about development, focused mainly on JavaScript but also other languages like Python, shell scripts and more.

About the author

Eneko Alonso is a software engineer and UI developer with more than eight years of experience in software and web development. He lives in San Luis Obispo, California and works at LEVEL Studios.

Contact Info
