Author: kostis90gr
Translation: the soul [S.S.T]
This article has been published in the "Hacker defense" June issue, copyright belongs to the "hacker line of Defense" and the script security team, reproduced please keep the article integrity, thank you:
This guide is for reporting purposes only, and if anyone uses it for illegal purposes, I am not responsible.
By using JavaScript injection, users can change the content of the site without shutting down the site or saving the page on his or her PC. This is done by the address bar of his browser.
The syntax of the command looks like this:
Copy Code
Javascrit:alert (#command #)
For example, if you want to see a warning box inside the site http://www.example.com, first enter the URL (www.example.com) in the address bar, and when the page is loaded, empty the URL and enter Javascrit:alert (" Hello World ") as a new URL. This will pop up a warning box to show hello World. However, some people use this technique to change almost anything on the page. For example, a picture. Let's imagine a logo picture of a website. By viewing the page source code ( You can use the "view source" in the browser to do it, we found an HTML code:
Copy Code
Get information: There is a picture named Hi and the source file is hello.gif. We want to change it to bye.jpeg and store it on our site http://www.mysite.com. So the full URL of our picture is yun_qi_img/ Bye.jpeg to use JavaScript injection, we need to enter in the address bar:
Copy Code
Javascript:alert (document.hi.src= "[url]yun_qi_img/bye.jpeg" [/url])
You will see a cue box that says Yun_qi_img/bye.jpeg, and the picture will be changed after that. Note that although those changes are only temporary! If you refresh the page or enter again, the changes you caused will be lost because you are not changing the site on the server, but your PC.
Using the same method, we can view or change the value of the variable. For example, we found some source code in the website:
Copy Code
<script language= "JavaScript" >
var a= "Test"
</SCRIPT>
Give the variable a a value of test. To see the value of a variable, we'll enter:
Copy Code
Javascript:alert (a)
Then, to change it from test to Hello, enter:
Copy Code
Javascript:alert (a= "Hello")
But JavaScript injection is primarily used to change the properties of a form. Here are some of the code we already have:
Copy Code
<form name= "format" action= "send.php" method= "POST" >
<input type= "hidden" name= "Mail" value= "[Email]someone@somewhere.com[/email]" >
<input type= "text" name= "name" >
<input type= "Submit" value= "Submit" ></form>
We want the form to be sent to our mailbox, not to the mailbox someone@somewhere.com in the code, and the idea can be done by this command:
Copy Code
Javascript:alert (document.format.mail.value= "[Email]me@hacker.com[/email]")
By now you know that I always tell the hierarchy, and we start from big to small:
1 Starting from Document
2 Enter the name of the object we want to change (such as DOCUMENT.HI.SRC) or the attribute it belongs to and reassign (e.g. Document.format.mail.value)
3 End With the feature we want to change (e.g. source path: DOCUMENT.HI.SRC, or Variable value: document.format.mail.value)
4) with "." The words are separated by the number.
5 when we want to change the eigenvalues, we use the "=" number and the new eigenvalue.
* Note: When the new eigenvalue is a string, it needs to be enclosed in double quotes "" (For example: document.format.mail.value= "me@hacker.com") if we want to change it to a variable value, we do not need to use double quotes "". For example, we want to change the value of variable A to equal the value of variable B and enter Javascript:alert (A=B).
However, the properties on most pages do not have a name, for example:
Copy Code
<form action= "send.php" method= "POST" >
<input type= "hidden" name= "Mail" value= "[Email]someone@somewhere.com[/email]" >
<input type= "text" name= "name" >
<input type= "Submit" value= "Submit" ></form>
In this code, the form has no name. With all the information above, the command might look like this:
Copy Code
Javascript:alert (document. mail.value= "[Email]me@hacker.com[/email]")
In this case we will have to calculate all the table forms find the serial number of the form. I'll explain it in one example:
Copy Code code as follows:
<form action= "send.php" method= "POST" >
<input type= "text" name= "name" >
<input type= "Submit" value= "Submit" ></form>
<form action= "send.php" method= "POST" >
<input type= "hidden" name= "Mail" value= "someone@somewhere.com" >
<input type= "text" name= "name" >
<input type= "Submit" value= "Submit" ></form>
<form action= "send.php" method= "POST" >
<input type= "text" name= "name" >
<input type= "Submit" value= "Submit" ></form>
In the code above we saw 3 forms, but we're only interested in the second one. So the list number we want is 2. Do not forget that we start from 1, we say 1,2,3,4 ... but in JavaScript it is calculated from 0. it's 0,1,2,3. So the real form number is 1, not 2. We usually have to find the form number and subtract one.
We will use this serial number to complement our command:
Copy Code code as follows:
Javascript:alert (document.forms[1].mail.value= "me@hacker.com")
Like this, you can change a picture or link without a name.
For pictures:
Copy Code code as follows:
Javascript:alert (document.images[3].src= "#你想改变的目标图片URL #")
For links:
Copy Code code as follows:
Javascript:alert (document.links[0].href= "http://www.undug.net/#你想改变的目标链接 #")
Finally, we can use this technique to edit cookies.
The following command is written by Triviasecurity.net's Dr_amado, but I have modified it so that the cookie can be displayed before the user edits it. You just need to copy them to the address bar:
Copy Code code as follows:
Javascript:alert (Window.c=functiona (N,V,NV) {c=document.cookie;c=c.substring (C.indexof (n) +n.length,c.length); c= C.substring (1, (C.indexof (";") >-1)? C.indexof (";"): C.length); Nc=unescape (c). Replace (V,NV);d ocument.cookie=n+ "=" +escape (NC); return unescape (document.cookie);}; Alert (' The cookie is: ' ' +document.cookie+ '); alert (Prompt ("The name of the cookie:", ""), Prompt ("Change this value:", ""), Prompt ("With this:", "));
As an end, I must emphasize that the changes we have made are only on the client side! It's like keeping the site on your PC and then modifying it. Still, using this technique you can cheat a page (such as cookies) or through a page security verification. For example, some pages detect where users send data. If the data is sent from http://www.test.com/form.php to http://www.test.com/check.php, Check.php may detect whether the data was sent from a form on http://www.test.com/form.php. In addition, if you are going to log on to a page of your own JavaScript code, by using some techniques like this, You will be able to change a similar picture! But you need to use a deeper knowledge than this.
If you have any questions or suggestions, please email me: kostis90gr@gmail.com
