Every bug bounty hunter should know the evil smile JSONP gives the browser's Same Origin Policy.
In my previous write-up, I explained the JSON CSRF vulnerability, and now I have come up with a technique to abuse the browser's Same Origin Policy (SOP).
Introduction — JSONP & SOP:
JSONP stands for JSON with Padding. It is a JavaScript technique for requesting data from a server on another domain without running into cross-domain restrictions. Below are the main features of JSONP.
- JSONP does not use the XMLHttpRequest object.
- JSONP uses a <script> tag instead.
- JSONP is not restricted by the browser's SOP, because the SOP does not stop a page from loading and executing a script served by another origin.
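To make the three points above concrete, here is a JSONP round trip simulated in plain JavaScript so it runs offline in Node. This is an added example, not code from the original write-up; the endpoint https://api.example/me, the page origins, the callback names and the user record are all constructed for illustration.

```javascript
// Added example, not from the original post. Simulates the three parties in a
// JSONP exchange: the page that adds a <script> tag, the server that "pads" the
// JSON, and the browser that executes the response. All URLs and data are made up.

// Client side. The page only needs to add <script src="..."> to the DOM; the URL
// carries the name of a global function the server should call.
function buildJsonpUrl(endpoint, callbackName) {
  const u = new URL(endpoint);
  u.searchParams.set("callback", callbackName);
  return u.toString(); // e.g. https://api.example/me?callback=showUser
}

// Server side. "Padding" means wrapping the JSON in a call to whatever name
// arrived in ?callback=, so the body is valid JavaScript rather than bare JSON.
function jsonpResponse(callbackName, data) {
  return `${callbackName}(${JSON.stringify(data)});`;
}

// Browser side. A <script> tag executes the response body in the including
// page's global scope. `new Function` with the page's globals passed in as
// parameters stands in for that here.
function runAsScript(scriptBody, pageGlobals) {
  const names = Object.keys(pageGlobals);
  const values = names.map((n) => pageGlobals[n]);
  new Function(...names, scriptBody)(...values);
}

// One full exchange from the point of view of a page that defines `callbackName`
// as its handler. Returns what the handler received so it can be inspected.
function jsonpRoundTrip(pageOrigin, endpoint, callbackName, serverData) {
  let received = null;
  const pageGlobals = { [callbackName]: (obj) => { received = obj; } };

  const url = buildJsonpUrl(endpoint, callbackName);             // 1. page adds <script src=url>
  const requestedCb = new URL(url).searchParams.get("callback"); // 2. server reads ?callback=
  const body = jsonpResponse(requestedCb, serverData);           // 3. server pads the JSON
  runAsScript(body, pageGlobals);                                // 4. browser executes the body

  return { pageOrigin, url, body, received };
}

// The same endpoint answers any page that can add a script tag, with whatever
// callback name that page chose. No XMLHttpRequest is involved, so the SOP
// never gets a chance to withhold the response from the second page.
function demo() {
  const user = { id: 42, email: "alice@example" }; // constructed sample record
  return [
    jsonpRoundTrip("https://app.example", "https://api.example/me", "showUser", user),
    jsonpRoundTrip("https://attacker.example", "https://api.example/me", "steal", user),
  ];
}
```

Run `demo()` and compare the two results: the request URL differs only in the callback name, the response body is the same JSON wrapped in a different function call, and both pages end up holding the user record. Whether the second page should have been able to do that is exactly the question the rest of this write-up is about.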
Don't be confused; I will explain the above with a practical scenario.
Same Origin Policy (SOP):
SOP is a basic and critical web security feature that browsers enforce by default; without it, any site you visit could read the data of any other site you are logged into.
Actually, the same origin policy is a little more complex than that, and there are a lot of different cases you have to consider.
A simple example to understand SOP
Basically, the SOP prevents a script from one origin from accessing private data on another origin. Two URLs share an origin only when their scheme, host and port all match.
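The following is an added example (not from the original post) of what "same origin" means in practice and why the <script> tag sits outside the rule. It is a deliberately simplified model: real browsers can relax the XMLHttpRequest case with CORS headers, but JSONP was designed for a world without them. The URLs are constructed for illustration.

```javascript
// Added example, not from the original post. Models the same origin policy:
// an origin is the (scheme, host, port) triple, and only same-origin pages may
// read a response fetched with XMLHttpRequest, while a <script> load executes
// regardless. The URLs below are made up for illustration.

// URL.origin already normalises default ports (443 for https, 80 for http), so
// https://app.example and https://app.example:443 compare equal.
function originOf(urlString) {
  return new URL(urlString).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Edge cases a practitioner has to keep in mind: path and query never matter,
// but a different scheme, subdomain or port is a different origin.
const SOP_CASES = [
  ["https://app.example/account", "https://app.example/api/me", true],
  ["https://app.example/", "http://app.example/", false],
  ["https://app.example/", "https://api.app.example/", false],
  ["https://app.example/", "https://app.example:8443/", false],
  ["https://app.example/", "https://app.example:443/", true],
];

function checkSopCases(cases) {
  return cases.map(([a, b, expected]) => ({
    a,
    b,
    expected,
    actual: isSameOrigin(a, b),
  }));
}

// Simplified model of how a page at pageUrl may fetch resourceUrl. CORS, which
// can open up the "xhr" case, is intentionally left out of this model.
function canPageReadResponse(pageUrl, resourceUrl, mechanism) {
  const sameOrigin = isSameOrigin(pageUrl, resourceUrl);
  switch (mechanism) {
    case "xhr":
      // XMLHttpRequest: the request may go out (with cookies), but the page
      // only gets to read the response body when the origins match.
      return sameOrigin;
    case "script":
      // <script src=...>: the response is executed as code in the page's
      // global scope whatever its origin, so anything it hands to a callback
      // is readable. This is the gap JSONP lives in.
      return true;
    default:
      throw new Error(`unknown mechanism: ${mechanism}`);
  }
}
```

`checkSopCases(SOP_CASES)` lists the origin comparisons with their expected and actual outcomes; `canPageReadResponse` shows the asymmetry that matters for this write-up: from https://attacker.example, an XMLHttpRequest to https://api.example/me is sent but unreadable, whereas a script load of the same URL runs to completion.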