Javascript Injections
Javascript Injections
ghost | 8849 Reads | Javascript Injections
These three things i will try to explain to you: Injection Basics, Cookie and Form Editing. In these articles i will teach you only the super basics of javascript and for all those who want to learn more, google advanced
javascript injections :)
Basics
All you need for injecting this very useful stuff, is URL. When you use them, delete the whole url bar, even http:// - leave your bar totally empty, and then…onto the injecting.
First thing your have to type is '' javascript: '' (without '' '') That means we are using, guess what, javascript??? There are 2 main commands that you will use (sometimes even one) - they are: alert(); and void();
Now that we know something about this, we are going to make a simple task. Go to any site and try to make a window appear saying: I got it
Try to do it on your own, and if you cant write it, look here: javascript:alert('I got it');
Cookies (yummy)
If you are not familiar with the term ''cookie'' please google it because i dont want to explain it now. So, after you found out what cookies are, we will learn how to view them. We will check them with a simple script like this: javascript:alert(document.cookie); Now, you will see a pop-up window displaying information on your cookies.
For editing, we have to use that void(); command javascript:void(document.cookie="Field=Value"); This script can change the existing info or create a new value. Replace ''Field'' with an existing field or create a new values. Then replace ''Value'' with whatever you want. This is a very popular script: javascript:void(document.cookie="Authorized=yes");alert(document.cookie); This alert(document.cookie); at the end will show you the effect of this script.
Forms
To edit the values, you can sometimes edit the downloaded html and submit whatever you want. Then, the form comes up. Every form is stored like this: forms[x] X is the number which starts with 0 and goes on by order (1,2,3,…) The most common situation will be that x is 0 so,…. forms[0]
I saw a challenge on HTS requiring to combine e-mail and javascript. You cant download the script but you can check to see what value a certain form element has by using this script: javascript:alert(document.forms[0].to.value)
So, heres the example: javascript:void(document.forms[0].to.value=''your email");alert(document.forms[0].to.value); Again, just like the alert(document.cookie); at the end will show you the effect.
Another example goes like this (also from HTS): javascript:void(document.forms[0].dir.value="logFiles");alert(document.forms[0].dir.value) Try to figure it out ;)
That's about it guys Hope u rate it:)
Sauron (somewhere 666Diablo)
ghost 18 years ago
Ignore those <i></i>, Just delete them when using javascript. It is automatically set. Probably because of seecurity.
ghost 18 years ago
Awesome –> must see for everyone that's new in JS-injecting!
Keep writing dude, sql injections maybe :P?
ghost 18 years ago
I am not disappointed, I'm sorry dude - the articles are very look-a-like.
My mistake – Nice article.
ghost 18 years ago
Well, all javascript articles are very similar. Think about it. What could u write that is different than the other article…not much, right ;)
ghost 18 years ago
You've got a point Sauron, but if you want other examples try looking at javascript objects and the js html dom page on w3schools. Pretty good introductory article though.
ghost 18 years ago
um i have a problem when i put the whole javascript:alert(docu<i></i>ment.cookie); nothing happens i dont know what to do….
ghost 16 years ago
jtkode: Remove the '<i></i>'
So you'll be using this… 'javascript:alert(document.cookie); Reason for this: It is automatically set ;)
Hope this helps and good luck :)