Steal some JSON response by JSONP injection!!
Some websites depend on JSON to send requests and receive responses. Such a response can include information about the logged-in user that shouldn't be public to anyone. In this topic we will see how this data can be stolen.

What is JSON?

JSON is a language, but not a programming language: it is a lightweight data-interchange format, and different apps (Android, iOS, Web, ...) can use it to communicate.

Exploitation

Now, some JSON responses look like this:

In this case, if the response looks like that, you are lucky: we can dump this data by writing a small piece of JS code. We include this file in my page as a JS file in a script tag, and we create a function to dump the data; the function name should be userInfo. This is the exploitation. You can see the code in the next image, and the response in my page here:

Attacker page

This is a useful and basic way. There are more ways, but I don’t want t...
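An added example, not code from the original post: the callback-wrapped response described above next to a hardened plain-JSON response, with a small simulation of what a foreign page gets when it loads each one as a script. The sample record, every function name except userInfo, and the use of Fetch Metadata request headers are assumptions made for the illustration.

```javascript
// Constructed sample record; the field names are assumptions, not from the post.
const SESSION_USER = { username: "alice", email: "alice@example.test" };

// Vulnerable pattern: the private record is wrapped in a call to userInfo, so the
// response is valid JavaScript that any origin can load with a <script> tag.
function jsonpResponse() {
  return {
    status: 200,
    headers: { "Content-Type": "application/javascript" },
    body: `userInfo(${JSON.stringify(SESSION_USER)});`,
  };
}

// Hardened pattern: no callback wrapper, strict JSON type with nosniff, and
// script-type or cross-site loads refused via Fetch Metadata headers.
// Clients that omit those headers fall through; the other two controls still apply.
function jsonResponse(reqHeaders) {
  const dest = reqHeaders["sec-fetch-dest"];
  const site = reqHeaders["sec-fetch-site"];
  if (dest === "script" || site === "cross-site") {
    return { status: 403, headers: { "Content-Type": "text/plain" }, body: "" };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json",
      "X-Content-Type-Options": "nosniff",
    },
    body: JSON.stringify(SESSION_USER),
  };
}

// Simulates a foreign page that defines userInfo and loads the response body as
// a script. Returns whatever the callback captured, or null if nothing ran.
function loadedAsScript(response) {
  let captured = null;
  if (response.status !== 200) return captured;
  try {
    new Function("userInfo", response.body)((data) => { captured = data; });
  } catch (e) {
    // A bare JSON object is a syntax error as a script, so no code executes.
  }
  return captured;
}
```
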