JavaScript hijacking

Scripts executed in a website that's protected by the same-origin policy are also subject to its restrictions, so a request generated by a script follows the same rules. To execute a request using JavaScript in a way that avoids the same-origin policy, the request has to be placed inside a script that the website itself loads and executes, for example:

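(function () {
  // Build a GET request for the target URL
  const Http = new XMLHttpRequest();
  const url = 'https://jsonplaceholder.typicode.com/posts';
  Http.open("GET", url);
  Http.send();
  // Log the response body as the request changes state
  Http.onreadystatechange = (e) => {
    console.log(Http.responseText);
  };
})();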
 
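<script>
// Function defined by the page before the external script is loaded
function showMessage(message) { alert(message); }
</script>
<!-- External script pulled in with a script tag -->
<script src="http://testsite.com/file.aspx">
</script>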

In the preceding example, we are including the request in a JavaScript function. When the JavaScript function is loaded by the website, the code is also included, and executed as part of the same domain.
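The server-side counterpart to the script include above, as an added example that is not from the original text: an endpoint that returns per-user data can refuse to be loaded through a script tag from another site. The function names, the policy and the sample requests are assumptions made for illustration; `Sec-Fetch-Dest`, `Sec-Fetch-Site`, `X-Requested-With` and `X-Content-Type-Options` are standard header names.

```javascript
// Added example (constructed): how an endpoint returning per-user data can
// answer so that a <script src="..."> on another site receives nothing.
const SAME_SITE = new Set(['same-origin', 'same-site', 'none']);

// Header names are case-insensitive; normalise names and values to lower case.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).toLowerCase();
  return out;
}

// Returns { status, headers, body } for a request to the data endpoint.
function respondToDataRequest(requestHeaders, data) {
  const h = lowerKeys(requestHeaders);
  const deny = (reason) => ({
    status: 403,
    headers: { 'Content-Type': 'text/plain', 'X-Content-Type-Options': 'nosniff' },
    body: reason,
  });
  // Fetch Metadata: the browser states what the response will be used for.
  if (h['sec-fetch-dest'] === 'script') return deny('not loadable as a script');
  if ('sec-fetch-site' in h) {
    if (!SAME_SITE.has(h['sec-fetch-site'])) return deny('cross-site request');
  } else if (h['x-requested-with'] !== 'xmlhttprequest') {
    // Fallback for clients without Fetch Metadata: a <script> tag cannot add
    // custom request headers, so require one that the site's own XHR code sets.
    return deny('missing X-Requested-With');
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/json; charset=utf-8',
      'X-Content-Type-Options': 'nosniff', // <script> loads of non-script MIME types are blocked
    },
    body: JSON.stringify(data),
  };
}

// Constructed sample requests: two script-tag includes and two XHR calls.
const samples = {
  crossSiteScriptTag: { 'Sec-Fetch-Dest': 'script', 'Sec-Fetch-Site': 'cross-site' },
  sameOriginXhr: { 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Site': 'same-origin' },
  legacyScriptTag: { Accept: '*/*' },
  legacyXhr: { 'X-Requested-With': 'XMLHttpRequest' },
};
for (const [name, hdrs] of Object.entries(samples)) {
  console.log(name, respondToDataRequest(hdrs, { user: 'alice' }).status);
}
```

The site's own XHR code has to send `X-Requested-With: XMLHttpRequest` for the fallback branch to let it through.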
