Same Origin Method Execution - Exploiting a Callback for Same Origin Policy Bypass
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the "Same Origin Method Execution" (SOME) technique in this Black Hat conference talk. Discover how SOME abuses JSONP callbacks to bypass Same Origin Policy restrictions, allowing attackers to perform an unlimited number of unintended actions on a website. Learn how SOME differs from click-jacking, and why SOME is not confined by the UI, the browser type, HTTP headers, or a specific webpage. Examine how a single JSONP endpoint can expose an entire domain, even in otherwise well-protected environments. Gain insight into the severity of SOME attacks, which can take place without user interaction. The talk covers an introduction, objectives, an explanation of the Same Origin Policy, JSON and JSONP concepts, callback mechanisms, practical examples, and a live demonstration, and concludes with a discussion of protections and solutions that mitigate SOME vulnerabilities.
Syllabus
Introduction
Objectives
Same Origin Policy
What is JSON
JSON with Padding (JSONP)
Callback
What else can you do
Example
Demo
Protections
Solutions
Taught by
Black Hat
Related Courses
Internet History, Technology, and Security - University of Michigan via Coursera
Client-Server Communication - Google via Udacity
HTTP & Web Servers - Udacity
Network Security - Georgia Institute of Technology via Udacity
Web Security Fundamentals - KU Leuven University via edX