I'm not sure if this is even a valid question but I want to know how it works on websites where you might purchase something.
Ex: I'm on Amazon - I decide I want to buy a watch. I add it to my cart and I go to click "buy". As I do that - some malicious client-side script tries to do the following: update the info to add an item, or change the item to something else.
Let's say it does this and adds 1 item for a book to some random vendor. Even if there is server-side validation and Amazon comes back and asks me to confirm before purchasing, the malicious client-side script could alter what that page looks like, scrub it of the book, and adjust the "total" price so that it only looks like I'm buying the watch, but the server thinks I'm buying the watch + book.
Here's a summary/visual:
1. Customer adds a watch to their cart
|
v
2. Malicious script adds a book to the cart
|
v
3. Customer proceeds to checkout and reviews the order
|
v
4. Malicious script alters the display of the checkout page
(hides the book and adjusts the total price)
|
v
5. Customer confirms the order, unaware of the hidden book
What things are used to prevent this on the client/server side?