
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

domain with
__defineGetter__() so that document.domain returns any string of the attacker's
choice. This does not affect the browser's same origin policy as it affects only the
JavaScript engine and not the underlying Document Object Model (DOM), but it could
affect JavaScript applications that rely on document.domain for backend cross-domain
requests. For example, suppose that a backend request to
http://somesite.com/GetInformation?callback=callbackFunction responded with the following HTTP body:
    function callbackFunction() {
        if (document.domain == "safesite.com") {
            return "Confidential Information";
        }
        return "Unauthorized";
    }
An attacker could get the confidential information by luring a victim to the attacker's
page that contained this script:


This HTML code sets the document.domain via __defineGetter__() and makes
a cross-domain request to
http://somesite.com/GetInformation?callback=callbackFunction.
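
The weakness described above, as an added example that is not from the book: the response body carries the secret to any page that includes it, and the document.domain check runs in a script environment the including page controls. It runs under Node.js; the stand-in document object, the hostnames, SECRET, and hardenedResponse() with its session and allowlist shapes are constructed assumptions, and Object.defineProperty stands in for __defineGetter__().

```javascript
// Added example, not code from the book. All names and hosts are constructed.
const SECRET = "Confidential Information";

// The response body from the page: the secret ships to every requester,
// and only a client-side comparison "guards" it.
function vulnerableBody() {
  return `function callbackFunction() {
    if (document.domain == "safesite.com") { return "${SECRET}"; }
    return "Unauthorized";
  }`;
}

// Evaluate a response body against a given `document` object, as a browser
// would after the including page loads it as script.
function runCallback(body, document) {
  return new Function("document", body + "; return callbackFunction();")(document);
}

// Stand-in for a page on one host whose script environment reports a domain
// of its own choosing (the standard equivalent of __defineGetter__()).
function documentReporting(realHost, reportedDomain) {
  const doc = { location: { host: realHost } };
  Object.defineProperty(doc, "domain", { get: () => reportedDomain });
  return doc;
}

// Hardened design (assumption): decide on the server, from state the
// including page cannot script, and return data instead of executable code.
const ALLOWED_ORIGINS = new Set(["https://safesite.com"]);
function hardenedResponse(req) {
  const ok = req.session && req.session.authenticated &&
             ALLOWED_ORIGINS.has(req.headers.origin);
  if (!ok) {
    return { status: 403, headers: {}, body: JSON.stringify({ error: "Unauthorized" }) };
  }
  return {
    status: 200,
    headers: { "Content-Type": "application/json",
               "Access-Control-Allow-Origin": req.headers.origin,
               "Access-Control-Allow-Credentials": "true", "Vary": "Origin" },
    body: JSON.stringify({ info: SECRET }),
  };
}
```

The first half shows that the value the callback compares is whatever the including page's script reports; the second keeps the secret out of the response unless the server-side check passes.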

