Ethical Hacking and Penetration Testing Guide

Example 3
Let’s take a look at another simple example involving the eval() function:
var url = location.hash.split('#')[1];   // source: the part of the URL fragment after the first '#'
(function (disco) {
  eval(disco);                            // sink: the fragment string is executed as JavaScript
}(url));
The scenario is similar to the earlier one: the input taken from location.hash (split('#')[1] keeps whatever sits between the first and second '#') reaches the eval() function and is executed as JavaScript, resulting in a DOM-based XSS. Note that the fragment is never sent to the server, so server-side filters and access logs will not see the payload; the flaw has to be found in the client-side code.
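To make the source-to-sink path observable without a browser, here is an added example (not code from the book) that models the pattern above under Node with a fake location object, alongside a hardened rewrite that treats the fragment as a lookup key instead of code. The function names, handler table and payload strings are my own.

```javascript
// Added example, not from the book. `location` is passed in as a plain object so
// this runs offline under Node; in a page it would be window.location.

// Vulnerable pattern from the text: everything after the first '#' is eval'ed.
// Because the book uses direct eval, the payload runs with access to the caller's
// scope; an attacker only needs to get the victim to open a link with the fragment.
function vulnerableDispatch(location) {
  var url = location.hash.split('#')[1];
  return (function (disco) {
    return eval(disco);            // the sink
  }(url));
}

// Hardened rewrite: the fragment selects one of a fixed set of handlers. It must
// match a strict pattern, and the lookup is restricted to the table's own keys so
// inherited names such as "constructor" cannot be reached. Nothing derived from
// the URL is ever executed.
const HANDLERS = {
  home:    function () { return 'render:home'; },
  profile: function () { return 'render:profile'; },
};
const SAFE_FRAGMENT = /^[a-z]{1,32}$/;

function safeDispatch(location) {
  const fragment = location.hash.slice(1);     // drop the leading '#'
  if (!SAFE_FRAGMENT.test(fragment)) return null;
  if (!Object.prototype.hasOwnProperty.call(HANDLERS, fragment)) return null;
  return HANDLERS[fragment]();
}

// Constructed inputs. The "attack" fragment stands in for an XSS payload: instead of
// touching the DOM (absent under Node) it leaves a marker on globalThis so a test
// can prove that attacker-supplied code actually ran.
const BENIGN = { hash: '#home' };
const ATTACK = { hash: "#globalThis.pwned=1;'xss'" };
```

Run vulnerableDispatch(ATTACK) and globalThis.pwned appears; run safeDispatch(ATTACK) and the regex rejects the fragment before any lookup happens. The hasOwnProperty guard matters even with the regex in place: "constructor" passes the character check but is not a key the application defined.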


Example 4
Let’s take an example based upon OOP (object-oriented programming) and see if jsprime is able to detect it:
var div = document.querySelector('div');                // assumed: the target element; the book does not show where div comes from
function template() {}
template.prototype = new Object;
template.prototype.html = div.innerHTML;                 // html is associated with the innerHTML sink
template.prototype.param = location.hash.split('#')[1];  // param is filled from the source (URL fragment)
function clone() {}
clone.prototype = new template;                          // clone inherits html and param from template
var xy = new clone();
xy.html = xy.param;                                      // user input flows from param into html
This is an example of JavaScript prototype-based inheritance, a widely known OOP concept. We have a constructor function called template, whose prototype serves as the blueprint for new objects. On that prototype we define a property called html, initialized from the innerHTML attribute of an element; in this case, it is a div.
Next, we have another property called param, which takes input from the user via location.hash. Then we define another constructor called clone, which inherits from template by using a template instance as its prototype. With this kind of inheritance, all the properties of the parent are also accessible through instances of the new constructor.
In short, we assign the value of the param property, which holds the user input, to the html property, which is tied to the sink div.innerHTML, and that is the flow jsprime reports as a DOM-based XSS. One caveat worth knowing when you verify such a finding by hand: as written, template.prototype.html = div.innerHTML copies the element's current string value, and xy.html = xy.param creates an own property on xy rather than writing back to the element. The tainted data reaches the live DOM only if html is implemented as a setter that forwards to div.innerHTML, or if the code assigns to div.innerHTML directly; jsprime still reports the pattern because it follows the assignment chain by name instead of executing the code. If you are still confused about what this code is doing, I would suggest reading about OOP concepts in JavaScript.
Jsprime is able to detect the following OOP code:
As you can see, the source location.hash reaches the sink div.innerHTML through the param and html properties, which is the root cause of the DOM-based XSS.
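The following added example (not the book's code) reproduces the prototype-inheritance flow of Example 4 under Node with a constructed stand-in for the div, so the path from location.hash to innerHTML can be observed. It wires html up as an accessor so the write really reaches the element, shows the same structure with the sink swapped for textContent, and shows what the book's snippet does when taken literally with a plain data property. The helper names, the fake element and the payload are my own.

```javascript
// Added example, not from the book. A real page would use document.querySelector;
// here a plain object records what was written to innerHTML / textContent.
function makeFakeDiv() {
  return { innerHTML: '', textContent: '' };
}

// Vulnerable: `html` is an accessor on template's prototype that forwards to the
// innerHTML sink, and `param` is filled from the URL fragment (the source). clone
// inherits both, so xy.html = xy.param finds the setter on the prototype chain and
// the tainted string lands in the element.
function buildVulnerable(location, div) {
  function template() {}
  template.prototype = new Object();
  Object.defineProperty(template.prototype, 'html', {
    get: function () { return div.innerHTML; },
    set: function (v) { div.innerHTML = v; },            // the sink
  });
  template.prototype.param = location.hash.split('#')[1]; // the source

  function clone() {}
  clone.prototype = new template();                        // inherits html and param
  var xy = new clone();
  xy.html = xy.param;                                      // source reaches sink
  return div.innerHTML;
}

// Hardened: identical object structure, but the accessor writes to textContent.
// A browser renders the fragment as literal text, so markup in it is never parsed.
function buildSafe(location, div) {
  function template() {}
  Object.defineProperty(template.prototype, 'html', {
    get: function () { return div.textContent; },
    set: function (v) { div.textContent = v; },
  });
  template.prototype.param = location.hash.split('#')[1];

  function clone() {}
  clone.prototype = new template();
  var xy = new clone();
  xy.html = xy.param;
  return { innerHTML: div.innerHTML, textContent: div.textContent };
}

// The book's snippet taken literally: html is a data property holding a copy of the
// string, so the assignment shadows it with an own property on xy and the element
// is never touched. Static analysis by name still reports the flow; a runtime check
// would not fire.
function dataPropertyVersion(location, div) {
  function template() {}
  template.prototype.html = div.innerHTML;                 // copies the current string only
  template.prototype.param = location.hash.split('#')[1];

  function clone() {}
  clone.prototype = new template();
  var xy = new clone();
  xy.html = xy.param;                                      // creates xy.html; div untouched
  return {
    own: Object.prototype.hasOwnProperty.call(xy, 'html'),
    divHTML: div.innerHTML,
  };
}

// Constructed attacker-controlled fragment, as it would arrive in a crafted link.
const ATTACK = { hash: '#<img src=x onerror=alert(1)>' };
```

When you confirm a jsprime finding in a real page, check which of these three shapes the code actually has: only the accessor (or a direct assignment to div.innerHTML) turns the reported flow into an exploitable DOM-based XSS.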
