Skip to main content

Json hijacking whitespaces

Geoff Burke
Forum|alt.badge.img+22

Very revealing post about Json whitespace hijacking by Stefan Grimminck which I decided to share. To summarize Json allows “insignificant whitespace” characters as the article says and this can be leveraged to smuggle code into a system. Json is literally everywhere so you can imagine the possible consequences. Luckily Yara can be leveraged and he even provides the yara file

https://grimminck.medium.com/json-smuggling-a-far-fetched-intrusion-detection-evasion-technique-51ed8f5ee05f

VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS, PCA,TARS

2 comments

coolsport00
Forum|alt.badge.img+20
  • coolsport00
  • Veeam Legend
  • 4139 comments
  • February 23, 2024

Thanks for sharing this possible threat and Yara to help detect it Geoff. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Chris.Childerhose
Link State
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8492 comments
  • February 23, 2024

Nice to see Yara at work with Veeam and this vulnerability.  Thanks for sharing this.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Link State
1 person likes this
  • Link State
    Link State

Comment


Terms & Conditions