Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

JS injection

  1. Home
  2. Forum
  3. Web hacking
  4. JS injection

ghost's Avatar

ghost

0 0

hello, can someone help me with js injection? i have this button: markup<input class="regularBtn" type="submit" value="Confirm" onclick="return verify_points();" /> and this code

<script type="text/javascript">
    function verify_points() {
      var points = 5;
              if ($('exchange_3days').checked) {
          if (points < 1500) {
            alert("Not enough points!");
            return false;
          }
        }
              if ($('exchange_7days').checked) {
          if (points < 2500) {
            alert("Not enough points!");
            return false;
          }
        }
              if ($('exchange_1month').checked) {
          if (points < 3500) {
            alert("Not enough points!");
            return false;
          }
        }
              if ($('exchange_4month').checked) {
          if (points < 10000) {
            alert("Not enough points!");
            return false;
          }
        }
              if ($('exchange_6month').checked) {
          if (points < 15000) {
            alert("Not enough points!");
            return false;
          }
        }
              if ($('exchange_1year').checked) {
          if (points < 25000) {
            alert("Not enough points!");
            return false;
          }
        }
              if ($('exchange_2years').checked) {
          if (points < 50000) {
            alert("Not enough points!");
            return false;
          }
        }
              if ($('exchangealways').checked) {
          if (points < 50000) {
            alert("Not enough points!");
            return false;
          }
        }
            return true;
    }
  </script>

how can i inject it? thx

EDIT thx Nick smileys are disbled


ghost's Avatar

ghost

0 0

If you disabled smiley it would probably help some. ;)


ghost's Avatar

ghost

0 0

well you could change the value of the variable (points) if that's what you mean. just put this in the url bar: markupjavascript:void(points=10000000);alert(points); and it should alert the new value of the points. I think that's what you meant by JS injection?


ghost's Avatar

ghost

0 0

yes thats it thx


ghost's Avatar

ghost

0 0

what exactly are you faking points on??


ghost's Avatar

ghost

0 0

although it doesn't hurt to know the commands there's a nice firefox extension called bugzilla that makes this sort of thing fun and painless