
CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

Abstraction: Standard
Status: Draft
Likelihood: High
Severity: High

Description

An attacker targets a system that uses JavaScript Object Notation (JSON) as the transport format between client and server (common in Web 2.0 systems using AJAX) in order to steal possibly confidential information that the server returns to the client inside the JSON object. The attack takes advantage of a loophole in the browser's Same Origin Policy: the policy does not prohibit a script from one website from being included and executed in the context of another website. An attacker's page can therefore include the victim site's JSON endpoint through a script tag; the browser attaches the victim's ambient credentials (cookies) to that request, exactly as in a CSRF request, and the response body is executed as JavaScript inside the attacker's page, where the attacker has arranged to capture whatever the script produces.

Related weaknesses (3)

CWE-345, CWE-346, CWE-352

Related attack patterns (1)

CAPEC-212 (ChildOf)

Exploits (3)

Type      Target                                                    Confidence  Tier
Weakness  Cross-Site Request Forgery (CSRF), CWE-352                100%        live
Weakness  Insufficient Verification of Data Authenticity, CWE-345   100%        live
Weakness  Origin Validation Error, CWE-346                          100%        live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Clickjacking
CAPEC: Reflected XSS
CAPEC: Exploit Script-Based APIs
CAPEC: Cross-Site Scripting (XSS)
CAPEC: Generic Cross-Browser Cross-Domain Theft
CAPEC: XSS Through HTTP Headers
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.