Reflected File Download (RFD) is an attack executed through a combination of URL path segments with web services. An attacker can perform reflected file download attack through JSONP injection. This vulnerability is used to inject malware into the end users system. JSONP injection is an injection attack that affects the JSON files used in the application. An attacker can insert files on the API link using semicolons(;). When the link gets executed by the browser, it will consider it as a file and execute the file. The attacker can take leverage of this vulnerability to make the end users download the malicious file.
For an attacker to perform an RFD attack, the attacker must be able to:-
Nowadays, a JSON and JSONP files are used by almost all web applications because the application can asynchronously load data into the pages. This implementation helps to reduce the amount of traffic between the application and clients.
Consider the following link is vulnerable to reflected file download vulnerability.
In the above URL, everything between the semi-colons will not be processed. Instead, the browser will consider it as a file name and download it and execute the file without checking. The downloaded file will be executed as a batch file and calc.exe will be executed.
Using this attack, the attacker can do the following impacts:-
Beagle recommends the following fixes-