Web application security - the fast guide 1.1 | Page 102

Chapter 5 - Attack Execution the client

Attack process

A. Bind an object's property to a function to be called when an attempt is made to set that property.
B. The overridden setter function is invoked to read the objects being created.
C. Malicious JavaScript can then forward the data it has read to the attacker’s server.

Example: The following JSON array is returned by the site for an authenticated user:

[
  { name: "Sami", destination: "New York", date: "Nov 1, 2010" },
  { name: "Christopher", destination: "Pittsburgh", date: "June 25 2010" },
  { name: "Joseph", destination: "Puerto Rico", date: "Sept 17, 2010" },
  { name: "Santa", destination: "New Zealand", date: "June 15, 2010" }
]

The attacker sends the victim's browser a link to a funny movie.
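
The attack process above depends on the response being something a script parser accepts and that creates objects when evaluated, which is the case for a top-level array like the one in the example. The following check for that precondition is an added example, not code from the guide; the function names, the paths and the wrapped and empty sample bodies are assumptions made for illustration.

```javascript
// Added example, not from the guide. Sample bodies are constructed;
// the paths are hypothetical.

// True when the body compiles as JavaScript. new Function() only compiles
// its argument (as a function body); the code is never run.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// A response meets the precondition of steps A-C when a script parser
// accepts it AND its top level is an array literal, so evaluating it
// creates the objects whose properties are being set.
function auditJsonResponse(body) {
  const text = String(body).trim();
  const scriptLoadable = parsesAsScript(text);
  const topLevelArray = text.startsWith("[");
  return { scriptLoadable, topLevelArray, exposed: scriptLoadable && topLevelArray };
}

// Return the paths whose response bodies are exposed.
function findExposed(responses) {
  return responses
    .filter((r) => auditJsonResponse(r.body).exposed)
    .map((r) => r.path);
}

const SAMPLE_RESPONSES = [
  // The array from the example above (shortened to two entries).
  { path: "/trips", body: '[ { name: "Sami", destination: "New York", date: "Nov 1, 2010" }, { name: "Santa", destination: "New Zealand", date: "June 15, 2010" } ]' },
  // Same data wrapped in an object: "{" opens a block statement, so the
  // quoted key followed by ":" is a syntax error for a script parser.
  { path: "/trips-wrapped", body: '{ "trips": [ { "name": "Sami", "destination": "New York" } ] }' },
  // Edge case: parses (as an empty block) but creates no objects.
  { path: "/empty", body: "{}" },
];

console.log(findExposed(SAMPLE_RESPONSES));
```
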