|Prerequisites ||JSON is used as a transport mechanism between the client and the server.
The target server cannot differentiate legitimate requests from forged ones, typically because it authenticates a request only by the session cookie that the browser attaches automatically to any request, including one triggered from an attacker's page.
The JSON object returned from the server can be read by the attacker's malicious code when the attacker's page loads the JSON URL cross-origin via a script tag (for example, a response that is a bare top-level array, which a browser evaluates as a script). |
|Solutions ||Ensure that the server-side code can differentiate between legitimate requests and forged requests. The solution is the same as the protection against Cross-Site Request Forgery (CSRF): use a hard-to-guess random nonce, unique to the victim's session with the server, that the attacker has no way of knowing (at least in the absence of other weaknesses such as XSS). Each request from the client to the server should carry this nonce, and the server should reject every request that does not carry it. Sending the nonce in a custom request header is a good choice, because a cross-origin script tag can only issue a plain GET and cannot add custom headers.
Make the URLs used to retrieve JSON objects unpredictable and unique for each user session, so that the attacker cannot hard-code them into a script tag.
As defence in depth, return JSON that is not valid JavaScript when loaded as a script: wrap the data in an object rather than a bare array, or prefix the body with an unparseable sequence such as )]}',\n that the legitimate client strips before calling JSON.parse. |
|CWE ID ||Description |
|CWE-345 ||Insufficient Verification of Data Authenticity |
|CWE-346 ||Origin Validation Error |
|CWE-352 ||Cross-Site Request Forgery (CSRF) |