Attacking APIs Using JSON Injection

(danaepp.com)

1 points | by eadmund 5 hours ago

1 comments

  • eadmund 5 hours ago
    > JSON Injection → SQL Injection → Buffer Overflow → ROP = PWNED

    Looked at another way, there were multiple opportunities to get it right, and they got it wrong every time.

    What’s remarkable is that JSON is a tiny specification. Writing a correct JSON parser should be child’s play for a decent engineer using decent tools.