"Rosetta Flash" attack leverages JSONP callbacks to steal cookies!

Datetime: 2016-08-22 23:50:04          Topic: JSONP

newfurniturey (3524449) writes

"A new Flash and JSONP attack combination has been revealed to the public today dubbed the "Rosetta Flash" attack.

JSONP callback functions normally return a JSON blob wrapped in a user-specified callback function which the browser will then execute as JavaScript. Nothing out of the ordinary here. However, the "Rosetta Stone" attack has leveraged a method of crafting a Flash file to contain a restricted character set that's usable within JSONP callbacks (i.e. in a URL). By combining the two, the attack demonstrates it's possible to use a JSONP URL with the contents of the crafted Flash file as the callback function. When set as the data of a standard HTML object tag, the SWF file executes on the site being targeted, bypassing all Same-Origin policies in place."
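The problem described in the post comes from a JSONP response whose first bytes are chosen by the caller. The following is an added example, not code from the original post or from the attack's author: a naive handler beside a hardened one. The function names and sample callbacks are hypothetical, and the mitigations shown (length cap, leading `/**/`, `nosniff` and `Content-Disposition` headers) are commonly deployed ones that the post itself does not mention.

```javascript
// Added example: response-side hardening for a JSONP endpoint.
// Function names and the sample callbacks are hypothetical.

const SWF_MAGIC = ["FWS", "CWS", "ZWS"]; // uncompressed, zlib and LZMA SWF signatures
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LEN = 64;

// True when a response body starts with an SWF signature.
function startsLikeSwf(body) {
  return SWF_MAGIC.includes(body.slice(0, 3));
}

// Naive handler: the caller-chosen callback forms the first bytes of the body.
function naiveJsonp(callback, data) {
  return `${callback}(${JSON.stringify(data)})`;
}

// Hardened handler: returns { status, headers, body }.
function hardenedJsonp(callback, data) {
  if (typeof callback !== "string" || callback.length > MAX_CALLBACK_LEN || !CALLBACK_RE.test(callback)) {
    return { status: 400, headers: {}, body: "invalid callback" };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
      "Content-Disposition": "attachment; filename=f.txt",
    },
    // Leading comment: the body can no longer begin with caller-chosen bytes.
    body: `/**/${callback}(${JSON.stringify(data)});`,
  };
}

// Constructed sample inputs (placeholders, not real SWF data).
const shortSwfLike = "CWSabc123";             // passes an identifier-only check
const longSwfLike = "CWS" + "A".repeat(2000); // alphanumeric, but oversized

function demo() {
  const data = { user: "alice" };
  return {
    naiveStartsLikeSwf: startsLikeSwf(naiveJsonp(shortSwfLike, data)),
    charsetCheckPasses: CALLBACK_RE.test(longSwfLike),
    hardenedShort: hardenedJsonp(shortSwfLike, data),
    hardenedLong: hardenedJsonp(longSwfLike, data),
  };
}

console.log(demo());
```

An identifier-only character check accepts both sample callbacks, which is why the hardened handler also caps the length and prefixes the body.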




