Monday, July 9, 2012

JSON XSRF Attacks


Welcome to another episode of Cross Site Request Forgery Attacks on DEVILS BLOG ON SECURITY. In this post we will discuss a little about JSON hacking. Now you might ask why we haven't covered JSON XSRF attacks along with the other XSRF attacks. This question is a little difficult to answer, but here's my explanation. All other XSRF attacks usually depend on session management attacks in one way or another; directly or indirectly, XSRF attacks can be called a derivative obtained by adding and integrating Session Management Attacks, Frame Injection Flaws and Cross Site Scripting, whereas the case is a little different for JSON XSRF attacks. Many professionals even object to classifying the JSON attack as an XSRF attack, but that need not concern us here. So let's see how JSON XSRF attacks differ from other XSRF attacks.


All modern web browsers implement the Same Origin Policy (SOP) on website content. This policy prevents one website from writing the contents of a frame that was served from a different domain; it was introduced to counter Frame Injection flaws. JSON CSRF exploits the SOP by relying on the fact that the restriction is one-way: the browser allows data from another website to be executed on a different domain. This vulnerability is the result of a flaw in the SOP, which treats JavaScript as code and not as data. According to browser policy, a script is allowed to be downloaded and executed in the client browser even though the original source of the script is a different domain.

JSON stands for JavaScript Object Notation, a data transfer format for JavaScript interpreters. It is used in AJAX-based applications as an alternative to the standard XML data transfer format. In these applications, requests are made to the server using XMLHttpRequest, and the server returns data in JSON format. The received data is then processed on the client side. Since JavaScript syntax is used to transmit data rather than pure code, the SOP can be exploited to obtain data generated by other applications. This data is transmitted back in the form of an array. Thus, because of JSON, an XSRF attack can be easily executed against a vulnerable site. From the above discussion it is quite clear that JSON CSRF attacks can be carried out against an AJAX-based website that uses the JSON data transfer format instead of the standard XML data transfer format.
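The mechanism above, seen from the defending side, as an added example that is not code from the original post: a JSON endpoint whose response is framed so that it cannot be executed as a script, together with the X-Requested-With check that a cross-site script include cannot satisfy. The request and response objects are assumed plain shapes for illustration, not a real framework's API.

```javascript
// Added example (not from the original post): defensive handling of JSON
// responses so that a cross-origin <script src="..."> include cannot read them.
// Assumed shapes: `req` is { headers: {...}, user: '...' }; handlers return
// { status, body }. These are illustrative, not a real framework's objects.

// Prefix that is a syntax error if the body is ever loaded as a script.
// Our own XMLHttpRequest client strips it before parsing.
const ANTI_HIJACK_PREFIX = ")]}',\n";

// Server side: a <script> tag or a plain <form> cannot add custom headers,
// so requiring X-Requested-With limits the endpoint to same-origin XHR callers.
function isSameOriginAjaxRequest(headers) {
  const xrw = headers['x-requested-with'] || '';
  return xrw.toLowerCase() === 'xmlhttprequest';
}

// Server side: never return a bare top-level array. Wrap the data in an object
// and add the prefix so the body is not valid JavaScript.
function serializeResponse(data) {
  return ANTI_HIJACK_PREFIX + JSON.stringify({ data });
}

// Client side (our own XHR code): verify the framing, strip it, then parse.
function parseResponse(body) {
  if (!body.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error('unexpected response framing');
  }
  return JSON.parse(body.slice(ANTI_HIJACK_PREFIX.length)).data;
}

// Request handler combining both defences. `lookupRecords` is an assumed
// data-access function that returns the caller's own records.
function handleRequest(req, lookupRecords) {
  if (!isSameOriginAjaxRequest(req.headers)) {
    return { status: 403, body: 'forbidden' };
  }
  return { status: 200, body: serializeResponse(lookupRecords(req.user)) };
}

// Self-check: compile the body the way a <script> tag would. A bare JSON
// array compiles fine (that is the hijacking risk); the framed body does not.
function isLoadableAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    return false;
  }
}
```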

Surely this topic is a little wild to understand for those who don't know JavaScript, AJAX and XML. In the next post we'll see how to find the vulnerability and execute an attack using the JSON format. Till then, thanks for reading, have a nice time and keep visiting.
