An Exploration of JSON Interoperability Vulnerabilities

JSON Interoperability Vulnerability Labs

These are the companion labs to my research article “An Exploration of JSON Interoperability Vulnerabilities”.

Lab 1: Free purchases in an E-commerce Application

  • Key Collision Attacks: Inconsistent Duplicate Key Precedence
  • Inconsistent Large Number Representations

Lab 2: Privilege Escalation in a Multi-tenant Application

  • Key Collision Attacks: Character Truncation

These labs bind to host ports 5000-5004 by default.

Attack Techniques

1. Key Collisions

Inconsistent Duplicate Key Precedence

{"qty": 1, "qty": -1}

Character Truncation

Truncation in last-key precedence parsers (flip order for first-key precedence)

{"qty": 1, "qty": -1}
{"qty": 1, "qty\ud800": -1} # Any unpaired surrogate U+D800-U+DFFF
{"qty": 1, "qty\"": -1}
{"qty": 1, "qty": -1}
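The following is an added example, written for this page and not part of the lab code, covering both key collision techniques above (duplicate key precedence and character truncation) and the large number item from Lab 1. It uses Python's standard `json` module to show last-key precedence, to emulate a first-key-precedence parser, and to build a strict loader that fails closed on the ambiguities a lenient parser would silently resolve. The sample documents and the 2^53 integer limit are constructed for this example.

```python
"""Duplicate-key precedence and key-truncation checks for JSON (added example)."""
import json
import math

# Constructed sample documents for the techniques listed above
# (not taken from the lab source).
DUP_DOC = '{"qty": 1, "qty": -1}'
SURROGATE_DOC = '{"qty": 1, "qty\\ud800": -1}'   # unpaired surrogate U+D800 in the second key
BIG_NUMBER_DOC = '{"qty": 1, "price": 99999999999999999999}'
CLEAN_DOC = '{"qty": 1, "price": 100}'


def last_key_wins(doc: str) -> dict:
    """Python's json module keeps the last occurrence of a repeated key."""
    return json.loads(doc)


def first_key_wins(doc: str) -> dict:
    """Emulate a first-key-precedence parser with object_pairs_hook."""
    def keep_first(pairs):
        out = {}
        for k, v in pairs:
            out.setdefault(k, v)
        return out
    return json.loads(doc, object_pairs_hook=keep_first)


class StrictJSONError(ValueError):
    """Raised when lenient parsers would disagree about the document."""


# Largest magnitude every IEEE-754 double based parser represents exactly.
SAFE_INT_LIMIT = 2 ** 53


def _reject_duplicates(pairs):
    out = {}
    for k, v in pairs:
        if k in out:
            raise StrictJSONError(f"duplicate key {k!r}")
        # Unpaired surrogates, NUL and other control characters in a key are the
        # ingredients of character-truncation collisions; refuse them outright.
        if any(0xD800 <= ord(c) <= 0xDFFF or ord(c) < 0x20 for c in k):
            raise StrictJSONError(f"unsafe character in key {k!r}")
        out[k] = v
    return out


def _strict_int(text: str) -> int:
    value = int(text)
    if abs(value) > SAFE_INT_LIMIT:
        raise StrictJSONError(f"integer {text} is not exactly representable as a double")
    return value


def _strict_float(text: str) -> float:
    value = float(text)
    if not math.isfinite(value):
        raise StrictJSONError(f"non-finite number {text}")
    return value


def strict_loads(doc: str) -> dict:
    """Parse JSON but fail closed on every ambiguity lenient parsers resolve differently."""
    return json.loads(doc,
                      object_pairs_hook=_reject_duplicates,
                      parse_int=_strict_int,
                      parse_float=_strict_float)


def is_interoperable(doc: str) -> bool:
    """True when the document parses the same way regardless of parser quirks."""
    try:
        strict_loads(doc)
    except StrictJSONError:
        return False
    return True


if __name__ == "__main__":
    print(last_key_wins(DUP_DOC))    # {'qty': -1}
    print(first_key_wins(DUP_DOC))   # {'qty': 1}
    for doc in (DUP_DOC, SURROGATE_DOC, BIG_NUMBER_DOC, CLEAN_DOC):
        print(is_interoperable(doc), doc)
```

Run `strict_loads` at the trust boundary (the service that first receives the document) so that every downstream component sees the same object; the point of the check is that a document which two parsers might read differently never gets past the first one.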

Comment Truncation

These documents take advantage of inconsistent support of comments and quote-less
