JSON attacks

Attacks on JSON values

Value Injection

JSON does not enforce unique keys: an object can contain multiple keys with the same name.

JSON will always take the last definition as the value.

In this case, when john logs in, if the check only verifies that privileges = user appears somewhere in the structure, the document below passes the check. However, john ends up with administrator privileges, because that definition was declared last.

{
  "privileges":"user",
  "user":"john",
  "privileges":"administrator",
  "pass":"password"
}
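To see which value a parser actually keeps, and to reject such a document outright, here is an added Python example (not from the original page). It assumes CPython's json module, where the later duplicate overwrites the earlier one, and uses object_pairs_hook to fail on the first repeated key; the sample document is constructed from the object above.

```python
import json
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample: the login document above, with "privileges" declared twice.
SAMPLE = '{"privileges":"user","user":"john","privileges":"administrator","pass":"password"}'


class DuplicateKeyError(ValueError):
    """Raised when a JSON object declares the same key more than once."""


def _reject_duplicates(pairs: List[Tuple[str, Any]]) -> Dict[str, Any]:
    # object_pairs_hook receives every key/value pair of an object in document
    # order (nested objects included), so duplicates that dict() would silently
    # collapse are still visible here.
    seen: Dict[str, Any] = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate key {key!r} in JSON object")
        seen[key] = value
    return seen


def loads_default(text: str) -> Dict[str, Any]:
    """Default json.loads: the last definition of a duplicate key wins."""
    return json.loads(text)


def loads_strict(text: str) -> Dict[str, Any]:
    """Strict loader: any duplicate key aborts parsing."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def is_admin_default(text: str) -> bool:
    """Privilege decision a naive consumer would make on the parsed object."""
    return loads_default(text).get("privileges") == "administrator"


def is_admin_strict(text: str) -> Optional[bool]:
    """Same decision, but returns None when the document is rejected."""
    try:
        return loads_strict(text).get("privileges") == "administrator"
    except DuplicateKeyError:
        return None


if __name__ == "__main__":
    print("default parser grants admin:", is_admin_default(SAMPLE))  # True
    print("strict parser result:", is_admin_strict(SAMPLE))          # None (rejected)
```

Rejecting duplicates at the parser boundary removes the ambiguity entirely, which matters most when a JSON document is checked by one component and acted on by another that may parse it differently.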

eval Attacks

If the JSON data is passed into a JavaScript eval function, you can inject code into it:

data = 'user"});<img src="x" onerror="https://SITE">;({"account":"user'
