If ( LUX && LUX.doUpdate) LUX.doUpdate(204);

if ( LUX && LUX.doUpdate) LUX.doUpdate(204);
what does this mean can anybody please explain

Looks like Javascript that first tests whether the LUX object exists (is non-null), then tests whether the LUX object has a member function called doUpdate(). If both of those tests pass, then it calls the LUX.doUpdate() function with parameter of Integer/Number with value 204.

My take is it’s basically just trying to prevent ObjectNotFound exception (or worse) from occurring. Zooming out a little bit, such snippets remind us that Javascript is a weakly-typed and just-in-time (JIT) language.

Looking at it from the web hacking perspective, consider that you could possibly overwrite the doUpdate() function with your own attacker-controlled code, if you were able to pull off some sort of script inclusion. For example, if you could manage to include your own JS between the time LUX is created and LUX.doUpdate() is called, then you can control the code execution (like the below snippet). Of course, whether that buys you anything is highly dependent on the context.

LUX.doUpdate = function( a ) {

// do something evil

};

Hope that helps!

1 Like

thank you so much you explained it so well

1 Like