

JSON sniffing with UTF-7 injections - Sephr
http://code.eligrey.com/poc/json-sniffing/poc.html
It will only work in browsers that support UTF-7, which as far as I know is only Firefox. The decoded UTF-7 injected code is as follows:<p><pre><code>    "}].sniff=[stealData,{"__IGNORE__":"</code></pre>
======
Sephr
It will only work in browsers that support UTF-7, which as far as I know is
only Firefox. The decoded UTF-7 injected code is as follows:

    
    
        "}].sniff=[stealData,{"__IGNORE__":"

------
mooism2
What's the vulnerability? It's not explained.

