~Javascript 7~

im have trouble with the actul script i havnt a clue where to start i have looked up substring and i havnt a clue and the substring is invalid plz help pm plz!!:@

I am in the same boat as you….a little help would be nice

You don't need to learn substrings, use the alert comand.

i did but that didnt help anything

how do you use an alert command? I don't know very much JavaScript

then learna bout the alert command and what it can do.

then alert the values you want to see.

simple.

well, how do i execute the code?

You can exicute javascript code by placing it into the URL where you type the location you are at type in javascript:code to be exicuted here if you wish to play around with the javascript and see what it does you can try a little trick i used once and that is go to http://www.w3schools.com/js/tryit.asp?filename=tryjs_text and edit around the text of the javascript to suite your needs then press the click me to c what happens

soooo, if I was on "http://www.blabla.com/random/index.php" I would put "http://www.blabla.com/random/::code here?::" or would I put it after the php?

For javascript injection to alert things, you go to the page - www.thepage.com/whatever.php - then once you're in there, you delete everything in the URL bar and then type 'javscript:alert(' and then whatever. There's a good article on it in webhacking I think.

just go to w3schools use their examples to execute your code, or learn aboout javascript there. use the alert command to alert the values you need. if you need more help with this chall or other js's go to my article at http://www.hellboundhackers.org/readarticle.php?article_id=381

you skipped right over 7 ;)

oh oops well i meant truely about the alert()

still cant get it, nothing happens when I press enter or click go or anything….

hmm, what does this do?

v3=s1.substring (6,9)+a2.substring (2,8);

well if the alert doesnt work then try googlin substr with js or go to www.w3schools.com

HURRAY! i tried that thing where you save it to your hard-drive, was able to directly edit the code and BAM! instant password :D:D

ya, after i actually tried to make the alert pop up instead of doing what i was doing….its easy (did rest of my js missions with it also :))

good job Kantika

hey guys, havign a little trouble with this one… i know what i need to use etc, but im having trouble with my code, either by the saving the source method or the injection… when i try to inject i cant get it to stay on the page for me to enter the code (because it loops the input box)…. when i edit the source i can't get it to pop up a webpage, it just pops up the source. any suggestions?

For saving the source, make sure that you have it inside the <script> tags. If you do have that, then im guessing you left out the <body> bit at the end which is required to call the password function. You can take out the body bit, but you would either have to call the function another way, or take out the line "function password () {" and the last "}" before the closing <script> tags so that the script runs when the page loads. In my opinion saving the source is easier than using an injection.

Hope that helps :D

sorry where do i have to put in the <script> tags? before and after all the java? isnt that what the 'start-tag and end-tag' stuff is for?

There should already be tags there if you saved/copied it straight from the page, but it wont work if you remove them :right: Can you pm me (or post here wtver) the exact source code so that I can see what you are doing wrong, atm its just guess work :p.

well theres the source of the page untouched cuz im not going to pot a spoiler.. , but even if i run it without doing anything to it, it doesnt bring up a webpage, it brings up a viewing source page. why wont it run as a web page?

edit - source deleted

This is the source code I get when I got to the page Try what you were doing on your last post, but I suggest you DELETE the source on your last post since its a spoiler (I only meant you to post the unedited source code sorry :p) Ill edit mine out afterwards since its just to fix your problem, other people should have to find the source and all that on their own EDITed source out

do i not just hit escape, to get out of the boxes, and stop the redirection? if so, it doesn't work for me :S I always get redirected.

and that is what i get when i do the viewsource… what mine said was what it saved when i saved the viewsource

Idk lol I just hold down the escape for a sec or two until I know that I'm not being redirected anymore

If you still cant get the right source, just message me and Ill pm it to you with the stuff thats missing.

Hey man thanks for what you just said there about holding escape, i don't know why i didn't do it instead of hitting it a few times… duh….. so when i stopped the redirection i was able to properly save it so it would open as a page… thanks again

Wondering if somebody would be able to help me on this mission seeing as I, along with many others seem to be stuck.

I know that this mission can be solved through saving the source code and altering it, but I figure it's a javascript mission…I may as well use javascript, so that's the method I want to use.

Was wondering if I could PM somebody to get a push in the right direction.

Thanks in advance.

Its a javascript mission because the part of the source that you have to edit is in javascript. You can pm to get started. But if you have a problem, you might as well just post it so that anyone can answer. (also helps other people trying to do the challenges later)

I know what needs to be done now, I just don't know HOW. I've got to edit the source so that the page so that the alert reveals something more useful than just "Wrong," and then redirects to the HBH page.

Now my next question may seems a little noobish, but I haven't seen anyone post about it so far, so here goes. When I look at the source it only shows javascript. There are no HTML tags etc…so when I alter it as a text file and then try and open it as a web page, nothing happens.

Is an easer way to do this?

Please respond, I'm really stuck : (

this one is easy. all the nudges you need are here. instead of wasting your time with the harddrive, just use http://www.w3schools.com/js/tryit.asp?filename=try_dom_anchor_href or something like that… then just paste the source of javascript 7 in between the <html>and </html>tags and get to work!

OMG thank you chaunchothenacho, that really helped! I don't know why I didn't think of it sooner.

My advice to other people: Read the javascript really carefully and try to understand what it's asking.

SPOILER!!!!

It's kind of a workaround on the whole substring thing, but why not just have the script redirect you to the good page

END SPOILER!!!!

DONT_BUMP_THE_THREADS_FROM_AGES_AGO_THANK_YOU