📖
sheepwall
  • Overview
  • Cloud Hacking
    • Azure
  • Hacking
    • Recon
      • Nmap
      • Website Recon
      • Service Enumeration
    • Exploitation
      • GraphQL
      • Application Attacks
      • Web Server Attacks
      • JSON attacks
      • CMS attacks
      • SQL Injection
      • Cross Site Scripting
      • Command Injection
      • SSRF
      • SSTI
      • Server Includes
      • XXE
      • WSDL/SOAP
      • Serialization Attacks
      • Cryptography
      • JWT
    • Installation
      • File Uploads
      • File Transfers
    • Actions on Objectives
      • Networking
      • Linux
    • Tools
    • Windows
      • 1. Getting Foothold
      • 2. Windows Exploitation
      • 3. Enumerating Active Directory
      • 4. Dumping Credentials
      • 5. Lateral Movement
      • 6. Persistence
      • 7. Active Directory
      • 8. LAPS
  • Bug Bounties
    • SSRF to Envoy Admin Page
    • Leaky Error Messages
    • HTTP verb tampering results in administrator role to the application
  • APT Information
    • DFIR Summary
Powered by GitBook
On this page
  • Value Injection
  • eval Attacks
  1. Hacking
  2. Exploitation

JSON attacks

Attacks on JSON values

Value Injection

JSON does not enforce unique keys, and can have multiple keys of the same value.

JSON will always take the last definition as the value.

In this case, when john logs in, if the check is just to see if privileges = user is in the structure, this would pass the check. However, john will eventually get adminisitrator privileges because it was declared last.

{
  "privileges":"user",
  "user":"john",
  "privileges":"administrator",
  "pass":"password"
}

eval Attacks

If the JSON data is passed into a Javascript eval function, you can inject code into it

data = 'user"});<img src="x" onerror="https://SITE">;({"account":"user'

PreviousWeb Server AttacksNextCMS attacks

Last updated 2 years ago