
"Rosetta Flash" attack leverages JSONP callbacks to steal cookies!

Submitted by newfurniturey
newfurniturey (3524449) writes "A new Flash and JSONP attack combination has been revealed to the public today, dubbed the "Rosetta Flash" attack.

JSONP callback functions normally return a JSON blob wrapped in a user-specified callback function which the browser will then execute as JavaScript. Nothing out of the ordinary here. However, the "Rosetta Stone" attack has leveraged a method of crafting a Flash file to contain a restricted character set that's usable within JSONP callbacks (i.e. in a URL). By combining the two, the attack demonstrates it's possible to use a JSONP URL with the contents of the crafted Flash file as the callback function. When set as the data of a standard HTML object tag, the SWF file executes on the site being targeted, bypassing all Same-Origin policies in place.

Services such as Google, YouTube, Twitter, Tumblr and eBay were found vulnerable to this attack; however, several were patched prior to the public release and Tumblr has patched within hours of the release."
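
An added example, not part of the original submission or any affected site's code: a JSONP response builder that reflects the callback at the start of the body, beside a hardened version that validates the callback, prefixes the body with a comment and sets download/no-sniff headers. The function names, the 64-character limit and the sample callback are assumptions made for illustration.

```javascript
// Added example; function names and the sample callback are hypothetical.
const SWF_MAGIC = ['FWS', 'CWS', 'ZWS']; // SWF file signatures
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/;
const MAX_CALLBACK_LEN = 64; // assumed limit, generous for real callback names

// True if a response body begins with a SWF signature at byte 0.
function startsWithSwfMagic(body) {
  return SWF_MAGIC.includes(body.slice(0, 3));
}

// "Before": the caller-chosen callback is reflected at the start of the body.
function naiveJsonp(callback, data) {
  return callback + '(' + JSON.stringify(data) + ');';
}

// "After": validated callback, comment prefix, download and no-sniff headers.
function hardenedJsonp(callback, data) {
  if (typeof callback !== 'string' ||
      callback.length > MAX_CALLBACK_LEN ||
      !CALLBACK_RE.test(callback)) {
    return { status: 400,
             headers: { 'Content-Type': 'text/plain; charset=utf-8' },
             body: 'invalid callback' };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      'Content-Disposition': 'attachment; filename="f.txt"',
    },
    // The leading comment means no callback value can occupy byte 0.
    body: '/**/' + callback + '(' + JSON.stringify(data) + ');',
  };
}

// Constructed placeholder: alphanumeric with a SWF-like prefix, not a real SWF.
// It passes the character-set check, so the length cap and prefix do the work.
const sample = 'CWS' + 'A'.repeat(300);
console.log(startsWithSwfMagic(naiveJsonp(sample, { ok: true })));
console.log(hardenedJsonp(sample, { ok: true }).status);
console.log(hardenedJsonp('handleData', { ok: true }).body);
```
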
