Welcome to another episode of Cross Site
Request Forgery Attacks on DEVILS BLOG ON SECURITY. In this post we
will discuss a little about JSON hacking. Now you might ask why
we haven't covered JSON XSRF attacks along with the other XSRF attacks.
This question is a little difficult to answer, but here's my explanation.
All other XSRF attacks usually depend on session management attacks in
one way or another; directly or indirectly, XSRF attacks can be called a
derivative obtained by combining Session Management
Attacks, Frame Injection Flaws and Cross Site Scripting, whereas the case
is a little different for JSON XSRF attacks. Many professionals even
object to classifying the JSON attack as an XSRF attack, but we have
nothing to do with that. So let's see how JSON XSRF attacks are different
from other XSRF attacks.
All modern web browsers implement the Same Origin Policy (SOP)
on website content. This policy prevents one website from writing to the
contents of a frame that was issued from a different domain. This policy was
implemented against Frame Injection flaws. JSON CSRF exploits the SOP by
lifting this one-way restriction on a website, allowing data from another
website to execute on a different domain. This vulnerability is the result of
a flaw in the SOP, which treats JavaScript as code and not data. According to
browser policy, code is allowed to be downloaded and executed in a
client browser even though the original source of the script is different.
The full form of JSON is JavaScript Object Notation,
which is a data transfer format for JavaScript interpreters. It is used
in AJAX based applications as an alternative to the standard XML data
transfer format. In these applications requests are made to the server using
XMLHttpRequest and the server returns data in JSON format. The received data
is processed on the client side. Since JavaScript is used to transmit data
rather than pure code, the SOP can be exploited to gain data generated by other
applications. This data is transmitted back in the form of an array. Thus,
due to JSON, an XSRF attack can be easily executed on a vulnerable site.
From the above discussion it's quite clear that JSON CSRF attacks can be
implemented against an AJAX based website which uses the JSON data transfer
format instead of the standard XML data transfer format.
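The array responses described above can be hardened on the server so that they are only usable as data by the site's own XMLHttpRequest code. The following is an added example, not code from the original post; the function names, the choice of guard prefix and the sample data are assumptions made for illustration.

```javascript
// Added example: server-side hardening for a JSON endpoint plus the matching
// client parser. All names here are hypothetical, not from the original post.
const GUARD = ")]}',\n"; // makes the body a syntax error if loaded as a script

// Build a response for an authenticated JSON API call.
// reqHeaders: lower-cased request header map; payload: data to return.
function buildJsonResponse(reqHeaders, payload) {
  // A <script src> include cannot attach custom request headers, while the
  // site's own XMLHttpRequest code can, so require one on every API call.
  if (reqHeaders["x-requested-with"] !== "XMLHttpRequest") {
    return { status: 403, headers: {}, body: "" };
  }
  // Never return a bare top-level array: wrap it in an object.
  const safe = Array.isArray(payload) ? { data: payload } : payload;
  return {
    status: 200,
    headers: {
      "content-type": "application/json; charset=utf-8",
      "x-content-type-options": "nosniff", // browser must not treat it as script
      "cache-control": "no-store",
    },
    body: GUARD + JSON.stringify(safe),
  };
}

// Client side: the page's own code reads the body as text, strips the guard
// and parses it as data with JSON.parse (never eval).
function parseGuardedJson(text) {
  if (!text.startsWith(GUARD)) throw new Error("missing JSON guard prefix");
  return JSON.parse(text.slice(GUARD.length));
}

// True if the body would parse as a JavaScript program, i.e. a cross-site
// script include could run it. new Function only compiles here; never called.
function parsesAsScript(body) {
  try { new Function(body); return true; } catch (e) { return false; }
}

// Constructed sample data for the demonstration.
const contacts = [{ name: "alice", email: "alice@example.test" }];
const ok = buildJsonResponse({ "x-requested-with": "XMLHttpRequest" }, contacts);
const denied = buildJsonResponse({}, contacts);
console.log(denied.status, ok.status, parsesAsScript(ok.body));
console.log(parseGuardedJson(ok.body).data[0].name);
```

The bare array form is valid script text, while both the wrapped object and the guarded body fail to parse as a script, which is what `parsesAsScript` checks.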
Surely this topic is a little wild to
understand for those who don't know JavaScript, AJAX and XML. By the way,
in the next post we'll see how to find the vulnerability and execute the attack
using JSON format. Till then, thanks for reading, have a nice time and
keep visiting.