mala · November 25, 2011 06:26
diff --git a/gistfile1.html b/gistfile1.html
 <html>
 <head>
 <title>JSON Hijacking Test</title>
 </head>
 <body>
 <script>
 Object.prototype.__defineSetter__('test', function(val){ alert(val); return val });

 a = [ {"test": "hoge"} ];
 b = {"hoge": "hoge"};
 b.test = "hoge2";

 Object.defineProperty(Object.prototype, 'user', {
    set:function(obj) {
        for(var i in obj) {
            alert(i + '=' + obj[i]);
        }
    }
 });
 c = [{ user: {key: "value"}  }];
 c.user = {a: 12345};

 Array = function(){ alert(1) };
 d = [1,2,3,4,5];
 Array = function(){ alert(2) };
 e = new Array();
 </script>
 </body>
 </html>
	<html>
	<head>
	<title>JSON Hijacking Test</title>
	</head>
	<body>
	<script>
	Object.prototype.__defineSetter__('test', function(val){ alert(val); return val });

	a = [ {"test": "hoge"} ];
	b = {"hoge": "hoge"};
	b.test = "hoge2";

	Object.defineProperty(Object.prototype, 'user', {
	set:function(obj) {
	for(var i in obj) {
	alert(i + '=' + obj[i]);
	}
	}
	});
	c = [{ user: {key: "value"} }];
	c.user = {a: 12345};

	Array = function(){ alert(1) };
	d = [1,2,3,4,5];
	Array = function(){ alert(2) };
	e = new Array();
	</script>
	</body>
	</html>
No results found