Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
- To: TImbrahim@xxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
- From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
- Date: Sat, 15 Mar 2014 10:59:40 -0700
> A hacker exploits a JSON (JavaScript) object that has information of interest,
> for example holding some values for cookies. A lot of times that exploits the
> same-origin policy. The JSON object returned from a server can be forged by
> overwriting the JavaScript function that creates the object. This happens because of
> the same-origin policy problem in browsers, which cannot say if JS execution is
> different for two different sites.
To be honest, I'm not sure I follow, but I'm fairly confident that my
original point stands. If you believe that well-formed JSON objects
without padding can be read across origins within the browser, I would
love to see more information about that. (In this particular case, it
still wouldn't matter because the response doesn't contain secrets,
but it would certainly break a good chunk of the Internet.) JSONP is a
different animal.
/mz
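The distinction lcamtuf draws above, as an added example that is not part of the original thread: a JavaScript simulation of what an including page actually obtains from each kind of response body when it is pulled in cross-origin as a script (new Function() stands in for a <script src> include; the helper names and sample bodies are assumed/constructed).

```javascript
// Added example (not code from the original thread): approximate what a
// third-party page gets when it pulls a cross-origin response body in via
// <script src="...">, i.e. whatever the body does when run as a classic
// script. new Function() stands in for script execution; helper names are mine.

// Run `body` as a script. The only global the "including page" exposes is a
// callback, which is exactly what JSONP padding is designed to invoke.
function loadAsScript(body) {
  const captured = [];
  const callback = (value) => captured.push(value);
  try {
    new Function("callback", body)(callback);
    return { parsed: true, leaked: captured };
  } catch (e) {
    // SyntaxError / ReferenceError: nothing reaches the including page.
    return { parsed: false, leaked: captured, error: e.constructor.name };
  }
}

// Constructed response bodies for the cases under discussion.
const BODIES = {
  // Well-formed JSON object, no padding: as a script, `{"secret":...}` is a
  // block statement starting with `"secret":`, which is a syntax error.
  plainObject: '{"secret":"s3cr3t"}',
  // A bare JSON array is a valid expression statement, but the value is
  // built and immediately discarded; nothing on the page can refer to it.
  plainArray: '[{"secret":"s3cr3t"}]',
  // JSONP: the padding calls a function the including page defines, so the
  // data is handed over by design; this is the "different animal".
  jsonp: 'callback({"secret":"s3cr3t"})',
  // Anti-hijack prefix some JSON APIs prepend: a same-origin XHR client strips
  // it before JSON.parse, while a <script> include fails to parse at all.
  prefixed: ")]}',\n[{\"secret\":\"s3cr3t\"}]",
};

// Summarise each body: did it parse, and did any value reach the page?
function classify(bodies = BODIES) {
  const out = {};
  for (const [name, body] of Object.entries(bodies)) {
    const r = loadAsScript(body);
    out[name] = { parsed: r.parsed, leaked: r.leaked.length > 0 };
  }
  return out;
}

console.log(classify());
```

Only the JSONP body reports leaked: true; the unpadded object and the prefixed body never parse, and the bare array parses but hands nothing to the page.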
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/