Recent Posts

Abusing JSONP to grab user credentials

I found that a company implements cross-domain authentication using JSONP and cookies. Here is the login flow:

```
GET /api/cross/getsign?callback=test HTTP/1...
```