Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Fwd: Google vulnerabilities with PoC
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sat, 15 Mar 2014 10:59:40 -0700

A hacker exploits a JSON (javascript) object that has information of interest for example holding some values for 
cookies. A lot of times that exploits the same policy origin. The JSON object returned from a server can be forged 
over writing javascript function that create the object. This happens because of the same origin policy problem in 
browsers that cannot say if js execution it different for two different sites.

To be honest, I'm not sure I follow, but I'm fairly confident that my
original point stands. If you believe that well-formed JSON objects
without padding can be read across origins within the browser, I would
love to see more information about that. (In this particular case, it
still wouldn't matter because the response doesn't contain secrets,
but it would certainly break a good chunk of the Internet.) JSONP is a
different animal.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]