Hi, 
Guest
Pic
Sign In

websecurity@lists.webappsec.org

The Web Security Mailing List

View all threads

JSON-RPC Cross-Site Request Forgery little exploitation trick

D
DefenseCode
Sun, Oct 7, 2012 10:21 PM

Hi,

During penetration-test contract, we came across CSRF in JSON-RPC based
web application.
Brief google search revealed some people saying that CSRF in JSON is hard
to exploit, and that these vulnerabilities can be ignored.
In fact, it's not that hard to exploit...
Here is how we exploited it - little trick about CSRF attacks on
JSON-RPC based web applications.
Maybe it'll be useful to someone.

http://blog.defensecode.com/2012/09/cross-site-request-forgery-against.html

Regards

DefenseCode Team
ThunderScan - Audit your Web Application Source Code For Vulnerabilities
http://www.defensecode.com/subcategory/thunderscan-8

Hi, During penetration-test contract, we came across CSRF in JSON-RPC based web application. Brief google search revealed some people saying that CSRF in JSON is hard to exploit, and that these vulnerabilities can be ignored. In fact, it's not that hard to exploit... Here is how we exploited it - little trick about CSRF attacks on JSON-RPC based web applications. Maybe it'll be useful to someone. http://blog.defensecode.com/2012/09/cross-site-request-forgery-against.html Regards -- DefenseCode Team ThunderScan - Audit your Web Application Source Code For Vulnerabilities http://www.defensecode.com/subcategory/thunderscan-8
Empathy v1.0   2024 ©Harmonylists.com