

An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website. An attacker gets the victim to visit his or her malicious page that contains a script tag whose source points to the vulnerable system with a URL that requests a response from the server containing a JSON object with possibly confidential information. The malicious page also contains malicious code to capture the JSON object returned by the server before any other processing on it can take place, typically by overriding the JavaScript function used to create new objects. This hook allows the malicious code to get access to the creation of each object and transmit the possibly sensitive contents of the captured JSON object to the attackers' server.

Pelco Digital Sentry Server 7.17.136.11334.

Pelco Digital Sentry Server 7.7.313.9650.

Pelco Digital Sentry Server 7.7.309.9631.

Pelco Digital Sentry Server 7.5.609.8802.

Pelco Digital Sentry Server 7.4.363.7915.

Pelco Digital Sentry Server 7.4.320.7640.

Pelco Digital Sentry Server 7.4.149.7253.
