struts-dev mailing list archives

From Łukasz Lenart <lukasz.len...@googlemail.com>
Subject Re: Comments in JSON
Date Thu, 14 Jul 2011 08:38:38 GMT
2011/7/14 Christian Grobmeier <grobmeier@gmail.com>:
> 2011/7/14 Łukasz Lenart <lukasz.lenart@googlemail.com>:
>> We did some internal research on the issue with JSON, and it looks like
>> only arrays are vulnerable; if the output contains an object, it isn't
>> valid JavaScript.
>>
>> IE8, FF3, FF5, Chrome
>
> I recommend this link: http://bit.ly/r7DXjB
> This guy managed to steal from JSON objects.

It doesn't work for me

http://tools.softwaremill.pl/attack.html


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
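
The array-versus-object parsing difference discussed in this thread, as an added example that is not part of the original messages or of the Struts code base: a Node.js check that compiles a response body as a script, without running it, and reports its top-level JSON type. The function names and sample bodies are constructed for illustration.

```javascript
// Added example (not from the thread): report whether a JSON response body
// would also parse as a stand-alone script. Names and samples are constructed.

// Compile the text as a function body without ever calling it.
function parsesAsScript(text) {
  try {
    new Function(text); // parse only; the resulting function is discarded
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Classify one response body for a review of JSON endpoints.
function auditJsonBody(body) {
  let topLevel = "not-json";
  try {
    const value = JSON.parse(body);
    topLevel = Array.isArray(value) ? "array"
      : value === null ? "null"
      : typeof value;
  } catch (e) {
    if (!(e instanceof SyntaxError)) throw e;
  }
  return { topLevel, validScript: parsesAsScript(body) };
}

// Constructed sample bodies.
const samples = [
  '[{"id":1,"email":"a@example.test"}]', // array: a valid expression statement
  '{"id":1,"email":"a@example.test"}',   // object: "{" opens a block, '"id":' fails
  '{}',                                   // edge case: an empty block, carries no data
];

for (const body of samples) {
  console.log(body, auditJsonBody(body));
}
```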
