本文详细解析了JSONP的工作原理,通过实例说明了JSON Hijacking的安全风险,指出其与CSRF漏洞的关联。同时,讨论了由于JSONP可能导致的反射型XSS攻击,并提出了防御措施,包括正确设置响应头和过滤回调参数。
在实习过程中接触过所谓的JSON Hijacking 漏洞,但最近在写论文时发现理解得不深,好像跟xss与csrf又有点区别与联系,索
性深入学习了下JSONP(JSON with Padding)。
下面一段话截取自:http://stackoverflow.com/questions/2067472/what-is-jsonp-all-about 仔细看看就比较清晰了。
Say you're on domain abc.com, and you want to make a request to domain xyz.com. To do so, you need to cross domain boundaries, a no-no in most of browserland.
The one item that bypasses this limitation is <script> tags. When you use a script tag, the domain limitation is ignored, but under normal circumstances, you can't really DO anything with the results, the script just gets evaluated.
Enter JSONP. When you make your request to a server that is JSONP enabled, you pass a special parameter that tells the server a little bit about your page. That way, the server is able to nicely wrap up its response in a way that your page can handle.
For example, say the server expects a parameter called "callback" to enable its JSONP capabilities. Then your request would look like:
最低0.47元/天 解锁文章
扫一扫
60
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
