
Basic 13

By ghostghost | 7493 Reads |

Modifying the values of a form can be done in multiple ways. One way is saving the document to a local hard disk drive, and modifying the value locally. This is called an XSS attack, and can be dealt with by checking the HTTP Referer.

An even easier way, however, is modifying the value via JavaScript. First and foremost, though, using JavaScript can be complicated if you've never seen it before. I'll skip the very, very basics and jump right into the mix. (Remember kids, Google "javascript tutorial" before asking "how do i do this???")

First off, because we are modifying a piece of the data, we need to use the document string. (Please forgive me, as I don't know the "official" term for it.)

javascript:void(document

Secondly, we have to find out which form we are modifying. You can commonly use the name="Blah" part of a form to find this out. But wait, what if it doesn't have one?

A part of JavaScript called "layers" was introduced by Netscape 6 several years ago, which allows us to choose from an array of different HTML elements. The format for this is "forms[number]". The "number" part represents the position in which the HTML element is loaded into the page. For example, suppose you had two forms on a page, and you wanted to choose the second one. You would use

javascript:void(document.forms[1]

to access it. The reason you would use index 1 for the second form is that JavaScript arrays begin with the 0th element.

Now you repeat the process with elements[] and options[]. They're both essentially replacements for using the actual name of a form. (I find this more useful than using the name, simply because of my own preferences.)

So if you had a form like:

Form1
Form2 (This is the form[])
 |-Radio (This would be the element[])
 |  |-Option1
 |  |-Option2
 |-Select (We want this element[], so we use element[1])
    |-Option1 (We want this options[], so we use options[0])
    |-options2

javascript:void(document.forms[1].elements[1].options[0]

If we want to change the value, we would use the 'value' layer of the javascript.

javascript:void(document.forms[1].elements[1].options[0].value="New Value");

And thus concludes my tutorial on editing SELECT variables from forms directly. If you use the article, please take five seconds and rate or comment on the article.
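
Added example, not part of the original article: a server-side handler for a form like the one above, showing why a value edited in the live page still passes the Referer check and is only caught by re-validating the submitted value against the options the server actually offered. The field name `choice`, the option values and the origin `https://shop.example` are constructed for illustration.

```javascript
// Added example: server-side handling of a <select> field.
// Field name, option values and origin are constructed placeholders.
const ALLOWED_OPTIONS = new Set(["option1", "option2"]);
const EXPECTED_ORIGIN = "https://shop.example";

// Referer check as mentioned in the article: passes only when the form
// was submitted from a page on the site's own origin.
function refererOk(headers) {
  const ref = headers["referer"];
  if (!ref) return false;
  try {
    return new URL(ref).origin === EXPECTED_ORIGIN;
  } catch {
    return false; // malformed Referer header
  }
}

// Allow-list check: the server re-validates the value instead of trusting
// that the browser only sent one of the options it was given.
function valueOk(body) {
  return typeof body.choice === "string" && ALLOWED_OPTIONS.has(body.choice);
}

function handleSubmit(req) {
  if (!refererOk(req.headers)) return { status: 403, reason: "bad referer" };
  if (!valueOk(req.body)) return { status: 400, reason: "value not in allow-list" };
  return { status: 200, reason: "ok" };
}

// Constructed sample requests.
const samples = {
  normal: { headers: { referer: "https://shop.example/form" }, body: { choice: "option1" } },
  // Page saved to disk and edited there: no same-origin Referer arrives.
  localCopy: { headers: {}, body: { choice: "New Value" } },
  // Value changed inside the live page (the article's javascript: method):
  // the Referer is still the real page, so only the allow-list rejects it.
  inPage: { headers: { referer: "https://shop.example/form" }, body: { choice: "New Value" } },
};

for (const [name, req] of Object.entries(samples)) {
  console.log(name, handleSubmit(req));
}
```
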

Comments
ghost 18 years ago

long article for a short challenge, but I like it :D

ghost 18 years ago

good description on the type of injection, nice

ghost 18 years ago

Sure the article was long for the challenge, but it gives a really good description of how to do this sort of thing in more contexts. Great job!

ghost 18 years ago

Thanks for all the positive feedback, and I chose a short mission to best elaborate on this subject, as it's really just scattered about the internet.

ghost 18 years ago

yea i liked it… very informative..

ghost 18 years ago

V.good, but the easiest method must be saving it to your hard drive and editing it there. Thanks.

ghost 18 years ago

Actually, I found using javascript was easier than XSS (Cross-Site Scripting) attack, mainly because I'm a command-line kind of guy.

ghost 18 years ago

Thanks man, this got me that challenge!! I really don't get it though, why change the names to something like forms, why not form? Odd. Thanks!!!

ghost 18 years ago

great article! good detail, and explained everything clearly! Thank you!

interslice 18 years ago

nice article dude. but i have to agree with dantronix. saving it to your hdd takes less than a minute.

ghost 18 years ago

As to everyone talking about saving it to your HDD, what about when you can't, or more importantly shouldn't? Javascript, in this situation, is a swiss army knife.

ghost 18 years ago

Yea, injections are definitely the way to go… After using them enough I'd have to say it's a ton easier than saving it to the hard drive and editing it… And this way you don't have to worry about editing other stuff in the forms (i.e. the redirect url)… And finding and executing the injection definitely takes less than a minute as well, and it's not as messy…

ghost 18 years ago

hey man great article but how do u count the forms e.g

when does one form start and how do u no?

ghost 18 years ago

very helpful article and insanely easy to understand.

ghost 18 years ago

Really good article, thx.

ghost 18 years ago

really great article!!! that will solve some problems but i still can't do the challenge:|

ghost 17 years ago

Very good article, it taught me a lot about a short challenge, but it was very useful :happy::ninja:

ghost 17 years ago

great article - really explained this well for me :happy:

ghost 13 years ago

very good article, nice work :D
