The 2014 Pwnie Nominee For Best Server-Side Bug

Abusing JSONP with Rosetta Flash (CVE-2014-4671)

Credit: Michele Spagnuolo and Gábor Molnár (independent co-discovery)

Universal Same Origin Bypass in all websites implementing JSONP through a crafted printable-ASCII-only Shockwave Flash file.

(CVE-2014-4671)