Page 14 – WindowsTechs.com

XSS from JSON outputs

Posted on January 30, 2017 by

In the book “XSS Attacks – Exploits and Defense” Jeremiah Grossman writes:

The exploit found in Google’s reader was due to the developers thinking that JSON was only going to be viewed by the calling script.The developers never realized that attackers could send users directly to the JSON output. While AJAX and JSON do not generally introduce new holes per se, they definitely can increase the attacker’s surface area.

I thing there is no way for the attacker to force victim’s browser to run javascript from JSON directly. Is there any example that shows the authors intended purpose?

Continue reading XSS from JSON outputs→

XSS from JSON outputs

Posted on January 30, 2017 by

In the book “XSS Attacks – Exploits and Defense” Jeremiah Grossman writes:

The exploit found in Google’s reader was due to the developers thinking that JSON was only going to be viewed by the calling script.The developers… Continue reading XSS from JSON outputs→

I want to learn to hack Can you help me [on hold]

Posted on January 9, 2017 by

help me to learn hake ples and thanks

Continue reading I want to learn to hack Can you help me [on hold]→

How did the "Blaster" worm trigger buffer overflows?

Posted on November 24, 2016 by

In “The Security Development Lifecycle” book, Michael Howard wrote:

Take as an example the coding bug in Windows RPC/DCOM that the Blaster worm took advantage of (Microsoft 2003). The defective code
looks like this:

HR… Continue reading How did the "Blaster" worm trigger buffer overflows?→