This article is about JSON Vulnerabilities OWASP. You may never have heard of them, because very few people know about them.
That is because JSON vulnerabilities are not talked about much, and it is rare to find an article or video that covers this bug in any detail.
Here we explain JSON Vulnerabilities OWASP in detail and show how the bug works on a website.
Note: This article is for educational purposes only. Don't misuse your knowledge and skills.
To understand JSON Vulnerabilities OWASP, you first need to know what JSON is and how a website uses it, so let us cover that in detail.
One thing should be clear before we start: a JSON vulnerability is very often used together with some other vulnerability.
You have seen this many times when creating an account on a website. Take Netflix as an example: we all know it gives the option of a free account and a premium account.
If we can create a free account and then convert it into a premium account by tampering with JSON, that is what we call a JSON vulnerability (JSON Vulnerabilities OWASP).
As you can see in the image, when a website fetches account information it responds with JSON like this. Here the account type is free; we change it to premium and send the request.
If the response comes back true, it is considered a valid JSON vulnerability. As you can see in the image, here the account type was not changed, but the response changed to true when we changed the name.
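The account-type tampering described above comes down to a server that trusts every key in the JSON it receives. The following is an added example, not code from the original article: a vulnerable merge beside an allowlisted update, with a constructed account record and hypothetical function and field names.

```javascript
// Added example: constructed account record and request body, hypothetical names.
const EDITABLE_FIELDS = new Set(["name", "email"]); // the only keys a user may change

// Vulnerable pattern: every key in the client's JSON is merged into the record.
function updateProfileVulnerable(account, jsonBody) {
  return { ...account, ...JSON.parse(jsonBody) };
}

// Hardened pattern: accept only allowlisted string fields, refuse the whole
// request if anything else is present, and report what was refused.
function updateProfileHardened(account, jsonBody) {
  let body;
  try {
    body = JSON.parse(jsonBody);
  } catch (err) {
    return { ok: false, account, rejected: ["(invalid JSON)"] };
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, account, rejected: ["(not a JSON object)"] };
  }
  const updated = { ...account };
  const rejected = [];
  for (const [key, value] of Object.entries(body)) {
    if (EDITABLE_FIELDS.has(key) && typeof value === "string") {
      updated[key] = value;
    } else {
      rejected.push(key); // worth logging: client tried to set a server-owned field
    }
  }
  // A request containing a refused key changes nothing and never reports success.
  const ok = rejected.length === 0;
  return { ok, account: ok ? updated : account, rejected };
}

const stored = { id: 7, name: "alice", email: "alice@example.test", accountType: "free" };
const tampered = '{"name": "alice2", "accountType": "premium"}';
console.log(updateProfileVulnerable(stored, tampered).accountType);
console.log(updateProfileHardened(stored, tampered));
```

The account type belongs to the server (for example, set only by the billing flow), so it never appears in the allowlist.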
With similar JSON vulnerabilities we can also inject SQL injection and cross-site scripting payloads; this is shown practically later in this article.
In simple terms, JSON is used to store information in the database, and it is how we get that information back.
JSON Web Token vulnerabilities also come into play here. If you have never heard of JWT, stay updated with our website; we will cover it soon.
Example of JSON Vulnerabilities OWASP
Let us now look at JSON Vulnerabilities OWASP practically. We are doing all of this on Mutillidae, which we have covered before; Mutillidae is a platform similar to DVWA and bWAPP.
Before starting the practical, you must check the option to intercept server responses; it is found in the history option of Burp Suite, as you can see in the image.
We are not covering installation here. In this practical, which you can also call a JSON injection attack, we use a JSON vulnerability together with an XSS attack.
First run Mutillidae on your local server and start Burp Suite as usual. Then, in OWASP 2017, you will find JSON under the SQL injection or cross-site scripting options.
Here we are using cross-site scripting. The page opens like this, and you can send a request for any tool; here we have used skipfish.
Capture this request live, as you can see in the image. In the captured request you can see the tool ID; in your case it may be different if you capture the request for another tool.
Next, inject the payload and forward the request, as you can see in the image. You can inject cross-site scripting payloads in the same way.
Keep forwarding the request until your payload is loaded on the page, as you can see in the image. SQL injection attacks are used with JSON vulnerabilities in a similar way.
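The lab flow above works because a request value such as the tool ID is placed into a JSON reply and then into the page without being treated as data. The following is an added example, not Mutillidae's code and not from the original article: it shows the unsafe string-built reply beside a validated, serializer-built one, plus output escaping at render time. All function names and sample values are hypothetical and constructed.

```javascript
// Added example: hypothetical handlers for a tool-lookup reply, constructed inputs.

// Vulnerable pattern: the request value is concatenated into the JSON text,
// so a quote inside it changes the structure of the reply.
function lookupResponseVulnerable(toolId) {
  return '{"toolId": "' + toolId + '", "found": false}';
}

// Hardened pattern: the ID must be a short run of digits, and the reply is
// produced by the serializer instead of string concatenation.
function lookupResponseHardened(toolId) {
  if (!/^[0-9]{1,6}$/.test(String(toolId))) {
    return JSON.stringify({ error: "invalid tool id" });
  }
  return JSON.stringify({ toolId: Number(toolId), found: false });
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Values taken from a JSON reply are data, not markup: escape them on output.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderRow(record) {
  return "<td>" + escapeHtml(record.toolId) + "</td><td>" + escapeHtml(record.name) + "</td>";
}

// Constructed test values: one alters JSON structure, one carries markup.
const structureInput = '16", "admin": "true';
const markupRecord = { toolId: 16, name: "<script>alert(1)</script>" };

console.log(JSON.parse(lookupResponseVulnerable(structureInput))); // gains an "admin" key
console.log(lookupResponseHardened(structureInput));               // refused
console.log(renderRow(markupRecord));                              // markup shown as text
```

In a browser, assigning the value with `textContent` instead of building HTML strings gives the same protection as `escapeHtml` here.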
Let us also look at how this works on a live website. As you can see in the image, here we have information such as 80 subscribers.
If this website had a JSON vulnerability, hackers could exploit it by injecting cross-site scripting payloads, and you find the same kind of response on almost all websites.
I hope you now understand JSON Vulnerabilities OWASP; we have covered both the theory and the practical. JSON Web Tokens are also used in this way.
That will be covered later. Here we used XSS payloads with JSON vulnerabilities; SQL injection payloads can be used similarly, and you can try it yourself.
If you have any problem injecting SQL injection payloads, or any question related to JSON Vulnerabilities OWASP, ask us in the comments and we will help you.
You can see for yourself how much damage hackers could do to websites if they are able to use JSON vulnerabilities together with SQL injection or cross-site scripting attacks.