Basic Hacking: Javascript Injection Prank
Essay by review • February 9, 2011 • Essay • 569 Words (3 Pages) • 1,330 Views
Password Prank Javascript Injection
first things first, test it out.
in the url bar type the following
javascript:alert("hello")
"oh my god it said hello to me"
now try something like this
javascript:document.write("hello")
"oh my word a new page that says hello to me"
don't worry, this is going somewhere
now for some variables
javascript:void(a="hello); javascript:alert(a)
if your starting to understanding the concept you'll realize that somethings different. we set a variable to a and made it alert the value of a.
now heres where it gets more advanced.
go to a page with a login form like gmail.com and type this into the url bar
javascript:alert(document.forms[0].action)
the document function as you might have guessed documents something. as for the forms[0], your asking for the form (a type of html tag for those who dont know) and the number 0 (the first one on the page). and the action is where the form submits too.
now what were to happen if we were to change this value through a void, try it
javascript:void(document.forms[0].action="http://www.google.com"); javascript:alert(document.forms[0].action)
oh wow it changed, but what does that mean? try clicking the log in button. there ya go. so, it just sends me to google big deal. keep reading, the pay off is comming.
so now try this, put something in the username box and something else in the password box (these will be comming up in a popup so dont put your real information if anyones around)
javascript:alert(document.forms[0].elements[0].value)
like before forms[0] gives you the first form. but now elements[0].value gives you what the first element contains. so now to accomplish our goal change the elements[0].value to elements[1].value. and then elements[2].value and so on and so forth until you find what you put in the username and what you put in the password.
now before we continue one last thing you need to learn.(warning this will freeze your browser, opening a different window is recommended)
javascript:while(1) alert("loop")
the
...
...