Geeks With Blogs

News Locations of visitors to this page
Ariel Popovsky's Blog Aventuras y desventuras con .net

I was debugging a script injection issue the other day using some sample code with an alert in it. The alert was popping out meaning the code got executed leaving open the possibility for a hacker to put there some nasty malicious code. I knew my alert was being executed but didn’t know how. So I tried something that worked perfectly for this problem, replaced the native alert function with my own one.

All I had to do in Chrome was open the javascript console and type:

alert = function(msg){ console.log(msg); console.trace(); };

The next time the malicious code was executed, instead of the regular alert I got something similar to this:

 

alert("testing")

testing

console.trace()

alert:2

(anonymous function):2

InjectedScript._evaluateOn:312

InjectedScript._evaluateAndWrap:294

InjectedScript.evaluate:288

undefined

In my case I was able to see what was going on and find the offending function.

This was tested on Firebug in Firefox and it works as.

Posted on Friday, March 11, 2011 6:40 PM Otros | Back to top


Comments on this post: Finding an alert in the middle of your javascript

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © Ariel Popovsky | Powered by: GeeksWithBlogs.net