haacked / feedback

Ask @haacked anything!

JSON Hijacking #122

Closed testingkalki closed 8 years ago

testingkalki commented 8 years ago

Hello,

I was going through http://haacked.com/archive/2009/06/25/json-hijacking.aspx/ and http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx/ recently and was trying this in my application but couldn't.

Do these vulnerabilities still work on modern browsers?

The JSON response I was getting looks like this: [{"name":"testM","id":"19223"},{"name":"testN","id":"19224"},{"name":"testO","id":"19225"}]

I know you're a busy person; still, please have a look and let me know if you've got time :)

Thank you.

haacked commented 8 years ago

> Do these vulnerabilities still work on modern browsers?

As far as I know, no modern browser is susceptible to the specific exploit I blogged about. But who knows about future versions of the browsers. Things like bugs, poorly written browser plugins, etc. could cause this to be exploitable. But I think the risk is pretty small at this point.