JSON hijacking | GitLab (2024)


Description

Checks for JSON data potentially vulnerable to hijacking. This check looks for a GET request that returns a JSON array, which could potentially be hijacked and read by a malicious website.

JSON hijacking allows an attacker to send a GET request via a malicious website or similar attack vector and use a user’s stored credentials to retrieve sensitive or protected data to which that user has access. Because a JSON array on its own is valid JavaScript, a malicious GET request to a resource that returns only a JavaScript array can allow the attacker to use a malicious script to read the data in the array from the response. GET requests should never return a JSON array, even if the resource requires authentication to access. Consider using POST instead of GET for this request, or wrapping the array in a JSON object.
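The condition this check describes, and the object-wrapping remediation, can be expressed as follows. This is an added example, not GitLab's implementation of the check; the function names, the `data` wrapper key and the sample exchanges are assumptions constructed for illustration.

```python
import json

# Constructed sample exchanges: (method, path, Content-Type, body). Not real traffic.
SAMPLES = [
    ("GET", "/api/contacts", "application/json; charset=utf-8",
     '[{"name": "a", "email": "a@example.test"}]'),
    ("GET", "/api/contacts/v2", "application/json", '{"contacts": [{"name": "a"}]}'),
    ("POST", "/api/search", "application/json", '[{"name": "a"}]'),
    ("GET", "/index.html", "text/html", "[not json]"),
    ("GET", "/api/broken", "application/json", "[1, 2"),
]


def is_json_media_type(content_type):
    """True for application/json and +json types, ignoring parameters."""
    media = content_type.split(";", 1)[0].strip().lower()
    return media == "application/json" or media.endswith("+json")


def hijackable(method, content_type, body):
    """Flag a GET response whose JSON body is a top-level array."""
    if method.upper() != "GET" or not is_json_media_type(content_type):
        return False
    try:
        parsed = json.loads(body)
    except ValueError:
        return False  # not parseable JSON, so not a bare array
    return isinstance(parsed, list)


def wrap_array(payload, key="data"):
    """Remediation: return arrays inside an object; leave other values alone."""
    return {key: payload} if isinstance(payload, list) else payload


def scan(samples):
    """Return the paths of the sample exchanges that the check flags."""
    return [path for method, path, ctype, body in samples
            if hijackable(method, ctype, body)]


if __name__ == "__main__":
    for path in scan(SAMPLES):
        print("bare JSON array on GET:", path)
```

Only the first sample is flagged: the same array wrapped in an object, returned to a POST, or served with a non-JSON content type does not match the condition.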

Article information

Author: Cheryll Lueilwitz
