
Js injection help


ghostraider100
Member

Hey guys, I couldn't understand how a JS injection works. Someone demo me with an example/syntax of how it should be used in a URL.


Mtutnid
Member

Have you tried Google?


ghostraider100
Member

Yes, I've tried but I can't get it lol. If you have a good tutorial URL, post it here.


Mtutnid
Member

Learn JavaScript and then start with injections. You can execute things like MoshBat showed above.


ghostraider100
Member

I've tried that code lol, it doesn't have any effect on HBH challenges (JS9 esp.).


ghostraider100
Member

@moshbat I know some basic commands such as alert, document.write, then string manip, functions, etc.


techb
Member

Speaking of JS injections, I found this on Hackaday; it will turn any page into a Katamari game.

CODE::

javascript:var i,s,ss=['http://kathack.com/js/kh.js','http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js'];for(i=0;i!=ss.length;i++){s=document.createElement('script');s.src=ss[i];document.body.appendChild(s);}void(0);

If that didn't work, it can be found here. I have even tried it here on HBH and if you get enough to stick to the ball, it will pick up the banner too.


t0xikc0mputer
Member

That's so cool!


ghost

Quick newbie question… Let's say this code is injected in some website vulnerable to XSS… will the page itself be a Katamari game permanently (obviously till it gets patched)? :evil:


ghost

You can think of an XSS made in a forum post, a guestbook post etc. Then yes. Otherwise you must indeed send a horribly malformed URL, or at least send something to a specific person.
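
The stored-versus-URL distinction in the last reply, seen from the side of the site that has to prevent it. This is an added example, not code from the thread or from HBH; the guestbook, the function names, the `q` parameter and the sample input are all constructed for illustration.

```javascript
// Added illustration (not from the thread): stored vs. reflected XSS from the
// defender's side. All names and sample inputs below are constructed.

// HTML-encode the characters that let text break out of an HTML text node or
// a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Stored case: a guestbook keeps every submission server-side.
const guestbook = [];
function postEntry(author, message) {
  guestbook.push({ author, message });
}

// Vulnerable render: stored text is concatenated into markup, so markup in one
// entry is served to every later visitor until the entry is removed.
function renderGuestbookUnsafe() {
  return guestbook.map((e) => `<li><b>${e.author}</b>: ${e.message}</li>`).join('');
}

// Hardened render: same stored data, encoded at output time.
function renderGuestbookSafe() {
  return guestbook
    .map((e) => `<li><b>${escapeHtml(e.author)}</b>: ${escapeHtml(e.message)}</li>`)
    .join('');
}

// Reflected case: nothing is stored; the value appears only in the response
// to the one request whose URL carried it.
function renderSearch(url, encode) {
  const q = new URL(url).searchParams.get('q') || '';
  return `<p>Results for ${encode ? escapeHtml(q) : q}</p>`;
}

// Constructed sample input: a script element pointing at a non-resolving host.
const SAMPLE = '<script src="//example.invalid/x.js"></script>';
postEntry('alice', 'nice site');
postEntry('mallory', SAMPLE);

// True when the rendered HTML still contains an unencoded <script> tag.
const hasLiveScript = (html) => /<script\b/i.test(html);
```

Encoding at output time neutralises both cases; the difference is only who receives the unencoded response when the encoding is missing.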