Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Javascript Injections


Javascript Injections

By ghostghost | 8605 Reads |
0     0

Javascript Injections

These three things i will try to explain to you: Injection Basics, Cookie and Form Editing. In these articles i will teach you only the super basics of javascript and for all those who want to learn more, google advanced

javascript injections :)

Basics

All you need for injecting this very useful stuff, is URL. When you use them, delete the whole url bar, even http:// - leave your bar totally empty, and then…onto the injecting.

First thing your have to type is '' javascript: '' (without '' '') That means we are using, guess what, javascript??? There are 2 main commands that you will use (sometimes even one) - they are: alert(); and void();

Now that we know something about this, we are going to make a simple task. Go to any site and try to make a window appear saying: I got it

Try to do it on your own, and if you cant write it, look here: javascript:alert('I got it');

Cookies (yummy)

If you are not familiar with the term ''cookie'' please google it because i dont want to explain it now. So, after you found out what cookies are, we will learn how to view them. We will check them with a simple script like this: javascript:alert(document.cookie); Now, you will see a pop-up window displaying information on your cookies.

For editing, we have to use that void(); command javascript:void(document.cookie="Field=Value"); This script can change the existing info or create a new value. Replace ''Field'' with an existing field or create a new values. Then replace ''Value'' with whatever you want. This is a very popular script: javascript:void(document.cookie="Authorized=yes");alert(document.cookie); This alert(document.cookie); at the end will show you the effect of this script.

Forms

To edit the values, you can sometimes edit the downloaded html and submit whatever you want. Then, the form comes up. Every form is stored like this: forms[x] X is the number which starts with 0 and goes on by order (1,2,3,…) The most common situation will be that x is 0 so,…. forms[0]

I saw a challenge on HTS requiring to combine e-mail and javascript. You cant download the script but you can check to see what value a certain form element has by using this script: javascript:alert(document.forms[0].to.value)

So, heres the example: javascript:void(document.forms[0].to.value=''your email");alert(document.forms[0].to.value); Again, just like the alert(document.cookie); at the end will show you the effect.

Another example goes like this (also from HTS): javascript:void(document.forms[0].dir.value="logFiles");alert(document.forms[0].dir.value) Try to figure it out ;)

That's about it guys Hope u rate it:)

Sauron (somewhere 666Diablo)

Comments
ghost's avatar
ghost 18 years ago

Ignore those <i></i>, Just delete them when using javascript. It is automatically set. Probably because of seecurity.

ghost's avatar
ghost 18 years ago

nice, has everithing basic:D

ghost's avatar
ghost 18 years ago

Awesome –> must see for everyone that's new in JS-injecting!

Keep writing dude, sql injections maybe :P?

ghost's avatar
ghost 18 years ago

ty so much this helped alot :D

ghost's avatar
ghost 18 years ago

This is stolen from here? Sorry if I am accusing you wrong…

ghost's avatar
ghost 18 years ago

Sry to disappoint you, but no…

ghost's avatar
ghost 18 years ago

I am not disappointed, I'm sorry dude - the articles are very look-a-like.

My mistake – Nice article.

ghost's avatar
ghost 18 years ago

Well, all javascript articles are very similar. Think about it. What could u write that is different than the other article…not much, right ;)

ghost's avatar
ghost 17 years ago

You've got a point Sauron, but if you want other examples try looking at javascript objects and the js html dom page on w3schools. Pretty good introductory article though.

ghost's avatar
ghost 17 years ago

um i have a problem when i put the whole javascript:alert(docu<i></i>ment.cookie); nothing happens i dont know what to do….

ghost's avatar
ghost 17 years ago

Nice article. Very good for beginners. ;)

ghost's avatar
ghost 15 years ago

jtkode: Remove the '<i></i>'

So you'll be using this… 'javascript:alert(document.cookie); Reason for this: It is automatically set ;)

Hope this helps and good luck :)