• EN

Json hijacking whitespaces

  • 23 February 2024
  • 2 comments
  • 26 views
Geoff Burke
Userlevel 7
Badge +22

Very revealing post about Json whitespace hijacking by Stefan Grimminck which I decided to share. To summarize Json allows “insignificant whitespace” characters as the article says and this can be leveraged to smuggle code into a system. Json is literally everywhere so you can imagine the possible consequences. Luckily Yara can be leveraged and he even provides the yara file

https://grimminck.medium.com/json-smuggling-a-far-fetched-intrusion-detection-evasion-technique-51ed8f5ee05f

VMCA2022, VMCE2023, CKA, CKAD, KCNA, LFCS, PCA,TARS

2 comments

coolsport00
Userlevel 7
Badge +17

Thanks for sharing this possible threat and Yara to help detect it Geoff. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Chris.Childerhose
Userlevel 7
Badge +20

Nice to see Yara at work with Veeam and this vulnerability.  Thanks for sharing this.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech

Comment


Terms & Conditions