Greetings,
I have a question about getters and setters in prototypes, which are
used in XSS attacks, and are probably deprecated or removed from
Rhino and JavaScript.
The code snippet:
// override the constructor used to create objects so
// that whenever the "email" field is set, the method
// captureObject() will run. Since "email" is the final field,
// this will allow us to steal the whole object.

function Object() {
    this.email setter = captureObject;
}

This example is taken from
www.fortify.com/servlet/download/public/JavaScript_Hijacking.pdf,
where that kind of XSS attack is described.
I know that setters and getters of this type were used by Mozilla
(not by IE) and that they have been removed, and I think that the two other
setter and getter constructions described in
https://developer.mozilla.org/En/Core_JavaScript_1.5_Guide:Creating_New_Objects:Defining_Getters_and_Setters
can be deprecated or removed from the newer versions of Rhino/JavaScript
as well.
One of them is:
js> var d = Date.prototype;
js> d.__defineGetter__("year", captureObject);
js> d.__defineSetter__("year", captureObject);
Another one uses get set PropertyName, like get a b(){return 1}

My question is:

How can Rhino be changed in such a way that it will throw a
"VulnerabilityException" instead of a syntax error when the
deprecated version of the Mozilla JavaScript getter/setter is detected?
Will it be useful for malware detection?

Tadeusz Slupski
_______________________________________________
dev-tech-js-engine-rhino mailing list
https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
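
Added example, not part of the original message and not Rhino code: one way to flag the three legacy accessor forms quoted above before a script is handed to an engine, using a lexical scan of the source text. `VulnerabilityException`, `scanLegacyAccessors`, `assertNoLegacyAccessors` and the sample input are hypothetical names and constructed data; names built at run time are outside what a lexical scan can see.

```javascript
// Hypothetical names throughout; this is a lexical scan, not a Rhino parser hook.
class VulnerabilityException extends Error {
  constructor(findings) {
    super(findings.map(f => `line ${f.line}: ${f.kind}`).join("; "));
    this.name = "VulnerabilityException";
    this.findings = findings;
  }
}
// Words that may precede an ordinary variable that happens to be named getter/setter.
const KEYWORDS = new Set(["var", "let", "const", "return", "typeof", "new", "void", "else"]);
const PATTERNS = [
  { kind: "__defineGetter__/__defineSetter__ call", re: /\.\s*__define[GS]etter__\s*\(/g },
  { kind: "'prop getter|setter =' assignment", skip: m => KEYWORDS.has(m[1]),
    re: /([A-Za-z_$][\w$.]*)\s+(?:getter|setter)\s*=(?!=)/g },
  { kind: "'get|set name name()' form", re: /\b(?:get|set)\s+[A-Za-z_$][\w$]*\s+[A-Za-z_$][\w$]*\s*\(/g },
];

// Blank out comments and string literals, keeping newlines, so their contents
// are not reported and line numbers stay correct.
function blankNonCode(src) {
  const re = /\/\/[^\n]*|\/\*[\s\S]*?\*\/|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'/g;
  return src.replace(re, m => m.replace(/[^\n]/g, " "));
}

function scanLegacyAccessors(src) {
  const code = blankNonCode(src);
  const findings = [];
  for (const { kind, re, skip } of PATTERNS) {
    for (const m of code.matchAll(re)) {
      if (skip && skip(m)) continue;
      findings.push({ line: code.slice(0, m.index).split("\n").length, kind });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

function assertNoLegacyAccessors(src) {
  const findings = scanLegacyAccessors(src);
  if (findings.length) throw new VulnerabilityException(findings);
}

// Constructed sample built from the snippets quoted in the message.
const SAMPLE = [
  "// this.x setter = f;  (inside a comment: ignored)",
  "function Object() {",
  "  this.email setter = captureObject;",
  "}",
  "var d = Date.prototype;",
  'd.__defineGetter__("year", captureObject);',
  'd.__defineSetter__("year", captureObject);',
  "var o = { get a b(){return 1} };",
  "var setter = 1; // ordinary variable: ignored",
].join("\n");
```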
