JSON Hijacking
Variants:
Direct
Also Known As:
Javascript Hijacking
Vector Type:
Attack
Relevance:
Technology Version Specific
Layer:
Application-Level
Platforms:
All Browsers before Firefox 21, Chrome 27, or IE 10.
Target Type:
Web Application
Affected Mechanisms:
Anti-CSRF, Secure Design
Invented In:
05/03/2007
Added In:
12/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
3rd malicious websites can abuse script tag external source code inclusion and javascript method overriding to gain access to private user data in JSON entry points found in other websites.
