Thursday, 28 April 2016

JSON Hijacking

Today we will see how to find the JSON Hijacking vulnerability. It only works on older browsers, but it is still worth analysing because it is a misunderstood and little-known vulnerability for many security people. I hope you will like it.

What is JSON Hijacking?

JSON Hijacking is similar to CSRF (Cross-Site Request Forgery), with one small difference: in CSRF you trick the victim into performing some malicious or unwanted action, whereas in JSON Hijacking you trick the user into opening a crafted link that reads some data from the victim's account and passes it to the attacker.

Who Is Affected by This?

This vulnerability is already fixed in modern browsers, so it cannot be exploited if the victim is using one. A victim who is still using an older browser can still be attacked.
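The cross-site data read described above depends on how the server shapes its response, and that can be checked from the defender's side. The following is an added example, not code from the original post: it flags a captured response as exposed only when it is fetched with GET, authenticated by a cookie, has a top-level JSON array, and carries no guard prefix. The response object shape (`method`, `sentCookies`, `body`) and the function name are assumptions of this example, and the preconditions are the commonly documented ones rather than something stated on this page.

```javascript
// Added example, not code from the original post. Field names are hypothetical.
const GUARDS = [")]}'", "while(1);", "for(;;);"]; // well-known anti-hijacking prefixes

function auditJsonResponse(resp) {
  const body = resp.body.replace(/^\uFEFF/, "").trimStart();
  const reasons = []; // each entry is a reason the response is NOT exposed

  // 1. A cross-site <script src> include can only issue GET requests.
  if (resp.method.toUpperCase() !== "GET") reasons.push("not reachable via GET");

  // 2. The data must depend on ambient credentials (the session cookie).
  if (!resp.sentCookies) reasons.push("no cookie authentication involved");

  // 3. A guard prefix stops the body from being read when run as a script.
  const guard = GUARDS.find((g) => body.startsWith(g));
  if (guard) {
    reasons.push(`guard prefix ${guard} present`);
  } else {
    // 4. Only a top-level array is a valid standalone script; a top-level
    //    object literal is a syntax error when loaded as JavaScript.
    let parsed;
    try { parsed = JSON.parse(body); } catch (e) { parsed = undefined; }
    if (parsed === undefined) reasons.push("body is not valid JSON");
    else if (!Array.isArray(parsed)) reasons.push("top level is not an array");
  }
  return { exposed: reasons.length === 0, reasons };
}

// Constructed sample responses (not captured from any real application).
const samples = {
  legacyArray: { method: "GET", sentCookies: true,
                 body: '[{"name":"alice","email":"alice@example.test"}]' },
  wrappedObject: { method: "GET", sentCookies: true,
                   body: '{"d":[{"name":"alice"}]}' },
  guarded: { method: "GET", sentCookies: true,
             body: `)]}'\n[{"name":"alice"}]` },
  postOnly: { method: "POST", sentCookies: true, body: "[1,2,3]" },
};

for (const [name, resp] of Object.entries(samples)) {
  console.log(name, JSON.stringify(auditJsonResponse(resp)));
}
```

Any endpoint reported as `exposed` is a candidate for one of the changes the other samples model: wrap the array in an object, add a guard prefix, or require POST.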

How We Can Find a JSON Hijacking Vulnerability