Comments on Ben Hayak - Security Blog: Same Origin Method Execution (SOME)

Feed updated: 2023-07-25T06:08:54+03:00

Robert Welain (2018-04-02T14:35:05+03:00):
Nice one

Spiritual Religious Broadcasting (2017-12-11T06:03:43+02:00):
While JSONP is a popular, useful technology, it can make a website vulnerable if it is not implemented properly. JSONP uses a callback function to get data from third-party services. By manipulating the callback parameter, an attacker could execute arbitrary methods on the affected website.

Ben Hayak (2016-03-15T13:21:40+02:00):
I would say the first could happen; however, the second is really the issue.

Anonymous (2016-03-15T00:18:09+02:00):
Is the SOME exploit dependent on JSONP?
Or is the SOME attack dependent on poor control over the implementation of callback?

Ben Hayak (2015-12-01T15:23:06+02:00):
Update: the server is up

Ben Hayak (2015-12-01T14:39:38+02:00):
Thank you for letting me know! Meanwhile you can use the mirror link (https://www.blackhat.com/docs/eu-14/materials/eu-14-Hayak-Same-Origin-Method-Execution-Exploiting-A-Callback-For-Same-Origin-Policy-Bypass-wp.pdf)

The server will be back up soon.

Anonymous (2015-12-01T05:41:37+02:00):
The link to your white paper is broken...