jsonp issues

Test 24 cases in 2 requests

2

Web applications do not acknowledge additional query parameters supplied in HTTP requests. Developers simply fetch whatever parameters they need from the request. Hence, if `callback` parameter exists on an endpoint,...

s0md3v

ScanIssue IHttpRequestResponse object is from the original request

https://github.com/kapytein/jsonp/blob/master/jsonp.py#L124. The `IHttpRequestResponse` object is from the original request, while we should include the altered request by the extension. Currently, as a temporary solution, the callback URL is included in...

kapytein

enhancement

Check start of the response instead of MIME type to determine exploitable JSONP callback

Currently, the plugin only checks whether the request responds with `application/javascript` after appending parameters and/or changing the extension of the URL. However, there could be cases where the JSONP endpoint...

kapytein

bug

jsonp
jsonp copied to clipboard

Metadata

Test 24 cases in 2 requests

ScanIssue IHttpRequestResponse object is from the original request

Check start of the response instead of MIME type to determine exploitable JSONP callback

← Metadata

Owner

Metadata

jsonp jsonp copied to clipboard

Metadata

Test 24 cases in 2 requests

ScanIssue IHttpRequestResponse object is from the original request

Check start of the response instead of MIME type to determine exploitable JSONP callback

← Metadata

Owner

Metadata

jsonp
jsonp copied to clipboard