JSONP Injection

high Web Application Scanning Plugin ID 112805

Synopsis

JSONP Injection

Description

JSONP (JSON with Padding) is a JavaScript technique that allows you to query data from a server without worrying about cross-domain issues by using the tag scripts rather than the XMLHttpRequest object and thus not worrying about the browser's same-origin-policy restrictions. Due to the nature of JSONP not to apply origin control, depending on the server's response to the request, this feature can be abused by an attacker to steal sensitive information from the user and in some cases, also lead to arbitrary JavaScript code execution (Cross-Site Scripting).

Solution

It is not recommended to use JSONP for sensitive endpoints because JSONP is designated by default to bypass the same-origin-policy. It is better to use the CORS mechanism with a strict control on the origin of the request.

See Also

https://securitycafe.ro/2017/01/18/practical-jsonp-injection/

Plugin Details

Severity: High

ID: 112805

Type: remote

Published: 6/14/2021

Updated: 11/26/2021

Scan Template: scan, pci, api

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CVSS Score Source: Tenable

Reference Information