Basic 13
Basic 13
Modifying the values of a form can be done in multiple ways. One way is saving the document to a local hard disk drive, and modifying the value locally. This is called an XSS attack, and can be dealt with by checking the HTTP Refferer.
An even easier way, however, is modifying the value via javascript. First and foremostly, however, using javascript can be complicated if you've never seen it before. I'll skip the very, very basics and jump right into the mix. (Remember kids, Google "javascript tutorial" before asking "how do i do this???")
First off, because we are modifying a piece of the data, we need to use the document string. (Please forgive me, as I don't know the "official" term for it.)
javascript:void(document
Secondly, we have to find out which form we are modifying. You can commonly use the "name="Blah"" part of a form to find this out. But wait, what if it doesn't have one?
A part of javascript called "layers" was introduced by Netscape 6 several years ago, which allows us to choose from an array of different HTML elements. The format for this is "forms[number]." The "number" part of this represents the number in which the HTML element is loaded into the page. For example, suppose you had two forms on a page, and you wanted to choose the second one. You would use
javascript:void(document.forms[1]
to access it. The reason you would use the 1st element is because javascript arrays begin with the 0th element.
Now you repeat the process with elements[], and options[]. They're both essentially replacements for using the actual name of a form. (I find this more useful than using the name, simply because of my own preferences.)
So if you had a form like: Form1
Form2 (This is the form[]) |-Radio (This would be the element[]) |–Option1 |–Option2 |-Select (We want this element[], so we use element[1]) |–Option1 (We want this options[], so we use options[0]) |–options2
javascript:void(document.forms[1].elements[1].options[0]
If we want to change the value, we would use the 'value' layer of the javascript.
javascript:void(document.forms[1].elements[1].options[0].value="New Value");
And thus concludes my tutorial on editing SELECT variables from forms directly. If you use the article, please take five seconds and rate or comment on the article.
ghost 18 years ago
Sure the article was long for the challenge, but it gives a really good description of how to do this sort of thing in more contexts. Great job!
ghost 18 years ago
Thanks for all the positive feedback, and I choose a short mission to best elaborate on this subject, as it's really just scattered about the internet.
ghost 18 years ago
V.good, but the easiest method must be saving it to your hard drve and editing it there. Thanks.
ghost 18 years ago
Actually, I found using javascript was easier than XSS (Cross-Site Scripting) attack, mainly because I'm a command-line kind of guy.
ghost 18 years ago
Thanks man, this got me that challenge!! i really dont get it though, why change the names to something like forms, why not form? odd. Thanks!!!
interslice 18 years ago
nice article dude. but i have to agree with dantronix. saving it to your hdd takes less than a minute.
ghost 18 years ago
As to everyone talking about saving it to your HDD, what about when you can't, or more importantly shouldn't? Javascript, in this situation, is a swiss army knife.
ghost 18 years ago
Yea, injections are definetly the way to go… After using them enough I'd have to say it's a ton easier than saving it to the hard drive and editing it… And this way you don't have to worry about editing other stuff in the forms (ie. the redirect url)… And finding and executing the injection definetly takes less than a minute as well, and its not as messy…
ghost 18 years ago
hey man great article but how do u countthe forms e.g
when does one form start and how do u no?
ghost 18 years ago
really great article!!! that will solve some problems but i still can't do the challenge:|
ghost 17 years ago
Very good article, it teached me a lot about a short challenge, but it was very useful :happy::ninja: