JSON Hijacking

A while back I wrote about a subtle JSON vulnerability which could result in the disclosure of sensitive information. That particular exploit involved overriding the JavaScript Array constructor to disclose the payload of a JSON array, something which most browsers do not support now. However, there’s another related exploit that seems to affect many more browsers. It was brought to my attention recently by someone at Microsoft and Scott Hanselman and I demonstrated it at the Norwegian Developers Conference last week, though it has been demonstrated against Twitter in the past. Before I go further, let...

My ASP.NET MVC 4 book is now available! Written by me and three great coauthors.

Print Edition
Kindle Edition

About Haacked

Phil Haack (aka @haacked on Twitter) attempts to infuse technology and software development with humor and a pragmatic eye... Attempts.

For recent posts and more about me, scroll to the bottom.

Badges

About Me

The author of this blog is a megalomaniacal software developer with delusions of... well, uh, just delusions.

I’m also on Twitter as @haacked

I work at GitHub and live in a constant state of paradox. This sentence is not true. I like flux. I recently worked at Microsoft helping to bring open source ideals into the product teams. I shipped several projects under an open source license, including one product that accepted external contributions. I still work on that project, NuGet, in my spare time.

To learn more, keep reading...

You’ve Been Haacked

browsers

JSON Hijacking

About Haacked

Tag Cloud

Badges

Recent Posts

Recent Comments

About Me