Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Kalkumar
Partner - Contributor III
Partner - Contributor III
‎2024-03-04 02:49 AM

Qlikview JavaScript Hijacking: JSONP

Hi,

We got a security finding in our Qlikview dashboard scan named "JavaScript Hijacking: JSONP."

 I wanted to know if JSON data is being validated in Qlikview. 

Details and screenshot:- 

JSON Hijacking is an advanced attack that similar in form to Cross-Site Request Forgery but more dangerous in that a malicious site is able to obtain information from the target site. This interception ("hijacking") of confidential data occurs when a response to a HTTP GET request is returned in JSON format. JSON Hijacking is a technique that through overloading the Array or Object constructures in browser scripting languages with constructors which allows an attacker to intercept the data. This allows the malicious site to monitor JSON messages and possibly steal sensitive data.


Labels (4)
Labels
Preview file
134 KB
112 Views
0 Likes
0 Replies