Javascript injection help

Hi i need help on the javascript injection….I tried the cookie javascript:alert(docu<i></i>ment.cookie);…But i didn't see any pop up comming up saying the information of the cookies….Would anyone tell me what i'm doing wrong…Please and thank you.

try: javascript:alert(document.cookie)

Okay, first of all, I hope you didn't include the italics tags. If you did, don't! - that tells me that you copied it straight out of a article or forum without doing any research on the subject. Look up javascript - use google, go to w3schools.com. There are a million ways to confirm information before using it. You can't just take one source and expect it to be correct everytime. If something that you read somewhere doesn't work - look elsewhere.

So, the task at hand for you is as follows:

1. Look up italics tags - hint: you will find them in html information. Once you figure out what they are and what they are used for - exclude them from your javascript command.

2. look up javascript commands - hint: go to www.w3schools.com - you will find a nice javascript tutorial link on their first page- go to it and read up.

Hey thanks….But one more problem….I need to know how do i know i found information on th username and password of other accounts in other pages??All i see is numbers and letters in a pop up dialog box.Thanks again.

Which challenge are you working on?

No it's not a chellenge in hellboundhackers challenge section….It's just in general…Websites like localhookupz.com…..I'm trying to look at all the usernames and passwords that has been saved in the web…..I wanna e able to view them in the cookies.thanks again.

rofl… What are you talking about amigo?!… Do you know what cookies do?!… … … Cuz it's definetly not that… Cookies store information about you, it's like handing out name tags after you login… It's information that's specific to you usually… Then on other pages throughout the website they're able to identify who you are based on the cookie information that was assigned to you at login… There's nothing in the cookie that's gonna help you get other user's information!!!… If you can somehow manage to get other peoplez cookie information tho (ie. xss attack) then you can sometimes use a javascript injection to "steal their identity" and login as them… Try google?… Maybe consider reseach?…

Oh and i wanted to know…….WHy doesnt this injection work on the guestbooks when it try using it…<img src="javascript:alert('noob')">.I put that in a guestbook….i made sure that it was vulnerable with html….i put the <u> tags on to see if it worked….it did….then i put <img src="javascript:alert('noob')"> in the guestbook and i didnt see any pop up come up saying noob…What am i doing wrong?Thanks.

Oh and i wanted to know…….WHy doesnt this injection work on the guestbooks when it try using it…<img src="javascript:alert('noob')">.I put that in a guestbook….i made sure that it was vulnerable with html….i put the <u> tags on to see if it worked….it did….then i put <img src="javascript:alert('noob')"> in the guestbook and i didnt see any pop up come up saying noob…What am i doing wrong?Thanks.

rofl

you started it out with an image, that means that what comes after needs to be the url of an image, not a javascript. you can find out how to embed javascript into an image, that will work. also, just because something is html injectable doesnt mean it will accept javascript. try going to w3 and looking at the javascript tutorial. it will show u how to make a popup.

I already know how to make a pop up…….markupjavascript:alert("Hello world!")…….I just want to know where is the best place to hack guestbooks.

just…. dont hack guestbooks…. its lame… "omg john! someone hacked our guestbook!" john: "…"

Oh well, i just wanted to know how/where is the best place to use javascript hacking.

cough cough

brings up a lung with the word "skiddy" on it

yuo've almost got to give him credit fopr just coming out and saying "i want to deface peoples guestbooks!"

but seriously… you thought you could get people passwds from cookies?

dies laughing

Oh come on. Give him a break. He's new for God's sake. ^^And fix your spelling before you flame/laugh at other people. Othrwies u l00k lke an idito

This Thread Rocks! (:

Here's the rockz0rd command. markupjavascript:void(document.EnterTheSiteWithCookies);

By the way, remember to tell me if it works.