AJAX - Silent Transaction Attacks
Any system that silently processes a transaction from a single submission, with no separate confirmation step, is dangerous to the client.
Example:
If a normal web application allows a transaction to be submitted with a single URL, a preset session attack lets the attacker complete a transaction without the user's authorization.
With AJAX it gets worse: the transaction is silent. It happens with no feedback on the page, so an injected attack script may be able to move the client's money without the client ever seeing a prompt.
Solution
Inspect the 'Confirm' button (right-click > Inspect Element).
Its onclick handler calls the processData JavaScript function.
Open the script referenced by the page's script tag and read the code.
It defines two functions: processData and submitData.
processData validates the user's input and updates the page with the status of the transaction.
submitData is the function that actually sends the data to the server; it gives no feedback and does no validation of its own.
Go back to the HTML and edit the button's onclick so that it calls submitData instead of processData.
Clicking Confirm now performs a silent transaction against the user.
For any transaction sent this way, processData is never called, so the user is never notified.
The request goes straight to submission.
Because the only validation lived in processData, no validation is performed either: the server accepts whatever submitData sends.