
'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials

Posted by Soulskill
from the clever-exploits dept.
New submitter newfurniturey writes: A new Flash and JSONP attack combination has been revealed to the public today. It has been dubbed the "Rosetta Flash" attack. JSONP callback functions normally return a JSON blob wrapped in a user-specified callback function, which the browser will then execute as JavaScript. Nothing out of the ordinary here. However, the new attack has leveraged a method of crafting a Flash file to contain a restricted character set that's usable within JSONP callbacks (i.e. in a URL). By combining the two, the attack demonstrates it's possible to use a JSONP URL with the contents of the crafted Flash file as the callback function. When set as the data of a standard HTML object tag, the SWF file executes on the targeted site, bypassing all Same-Origin policies in place. Services such as Google, YouTube, Twitter, Tumblr and eBay were found vulnerable to this attack. Several of these services fixed the vulnerability with a patch prior to the public release, and Tumblr patched within hours of the release.
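An added example, not part of the submission or of any affected service's code: a JSONP response builder showing why reflecting the callback at the very start of the body is the weak point, next to a hardened form. The function names, the 64-character cap and the sample callback are assumptions made for illustration; the `/**/` prefix and the two response headers are the commonly recommended server-side mitigations for this class of issue.

```javascript
// Added illustration; all names here are hypothetical.
// A plugin decides a response is an SWF from its first bytes (e.g. "CWS"),
// so the defence is to make sure the caller never controls those bytes.

const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/;
const MAX_CALLBACK_LEN = 64; // assumed cap; real callback names are short

// Weak form: the caller-chosen callback is the first thing in the body.
function naiveJsonp(callback, payload) {
  return callback + '(' + JSON.stringify(payload) + ');';
}

// Hardened form: validate, cap the length, and put fixed bytes first.
function hardenedJsonp(callback, payload) {
  const valid = typeof callback === 'string' &&
    callback.length > 0 &&
    callback.length <= MAX_CALLBACK_LEN &&
    CALLBACK_RE.test(callback);
  if (!valid) {
    return {
      status: 400,
      headers: { 'Content-Type': 'text/plain; charset=utf-8',
                 'X-Content-Type-Options': 'nosniff' },
      body: 'invalid callback'
    };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      // Stops the response being rendered inline as a document or object.
      'Content-Disposition': 'attachment; filename=f.txt'
    },
    // An empty JS comment is harmless to scripts but means the body can
    // no longer start with a file-format signature.
    body: '/**/' + callback + '(' + JSON.stringify(payload) + ');'
  };
}

// Constructed sample: alphanumeric only, so a character whitelist alone
// would accept it. It is a placeholder string, not a real SWF.
const SAMPLE_CALLBACK = 'CWS' + 'A'.repeat(500);
```

Note that the sample passes the character-set check on its own: the length cap and the fixed prefix are what change the outcome.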