So here is the thing: a friend of mine told me that our JSON data could be leaked from the client side by injecting JSON as our URL if our clients are logged in. Below is the sample GET request that should be made by our clients only.
He also warned me that our API URL could be framed, which obviously should not be a security concern, right?
Can anyone describe how an attacker could get this data via JSON hijacking? I thought modern browsers were secure enough to prevent these kinds of attacks.
Any help would be appreciated!
Sample API GET request URL: https://www.example.com/accounts/edit/
{"form_data": {"first_name": "firstname", "last_name": "surname", "email": "emailid@emailprovider.com", "username": "username", "phone_number": "+xx xxxxx xxxxx"}}