
JavaScript injection skills

WBOY
2016-05-16 19:12:11

Author: kostis90gr
Translation: Dark Soul [S.S.T]
This article has been published in the June issue of "Hacker Defense". The copyright belongs to "Hacker Defense" and the Script Security Team. Please maintain the integrity of the article when reprinting it, thank you :)

This guide is for reporting purposes only, I am not responsible if anyone uses it for illegal purposes.

By using JavaScript injection, the user can change the content of a website without having to close the website or save the page on his PC. This is done from the address bar of his browser. The syntax of the command looks like this:

javascript:alert(#command#)

For example, if you want to see an alert box on the website http://www.example.com, first enter the URL (www.example.com) in the address bar. When the page has loaded, clear the URL and enter javascript:alert("Hello World") as the new URL. This will pop up an alert box showing Hello World. However, some people use this technique to change almost any content in the page, for example a picture. Let us imagine that a website has a logo picture. By viewing the page source code (you can use "View Source Code" in the browser), we find the HTML code for it.

The information we get from it: there is a picture named hi, and its source file is hello.gif. We want to change it to bye.jpeg, which is stored on our site http://www.mysite.com, so the full URL of our image is http://www.mysite.com/bye.jpeg. To use JavaScript injection, we need to enter in the address bar:

javascript:alert(document.hi.src="http://www.mysite.com/bye.jpeg")

You will see an alert box showing http://www.mysite.com/bye.jpeg, and after that the image will be changed. Note, though, that these changes are only temporary! If you refresh the page or open it again, the changes you made will be lost, because what you changed is not the site on the server but the copy on your PC.

Using the same method, we can view or change the value of a variable. For example, suppose we found source code on the website that assigns test to the variable a. In order to view the value of the variable, we enter:

javascript:alert(a)

Then, in order to change it from test to hello, enter:

javascript:alert(a="hello")

But JavaScript injection is mainly used to change the attributes of a form. Take a form whose code names it format and gives it a field named mail holding the address someone@somewhere.com.

We want the form to be sent to our email address, not the email address someone@somewhere.com in the code. This can be accomplished with this command:

javascript:alert(document.format.mail.value="me@hacker.com")

By now you will have noticed that I always describe things in terms of levels. Let's go from large to small:
1) Start with document.
2) Enter the name of the object we want to change (such as document.hi.src) or the object it belongs to (such as document.format.mail.value).
3) Finally, end with the property we want to change (such as the source path: document.hi.src, or the value: document.format.mail.value).
4) Use "." to separate the words.
5) When we want to change the property value, use the "=" sign and the new value.
*Note: When the new value is a string, it needs to be enclosed in double quotes "" (for example: document.format.mail.value="me@hacker.com"). If we want to set it to the value of a variable, there is no need to use double quotes. For example, if we want to change the value of variable a so that it is equal to the value of variable b, we enter javascript:alert(a=b).

However, the elements in most pages do not have names. Take, for example, a form that has no name. Using all the information above, the command might look like this:

javascript:alert(document. .mail.value="me@hacker.com")

In this case we have to count all the forms to find the serial number of this form. I will use an example to explain: suppose the page source contains 3 forms, but we are only interested in the second one. The form number we want is therefore 2. Don't forget that we start counting from 1 (1, 2, 3, 4...), but JavaScript starts from 0 (0, 1, 2, 3...), so the real form serial number is 1, not 2. Usually we need to find the form serial number first and then subtract one.

We will use this serial number to complete our command:

javascript:alert(document.forms[1].mail.value="me@hacker.com")


In the same way, you can change images or links that have no names.
For images:

javascript:alert(document.images[3].src="#target image URL you want to change#")

For links:

javascript:alert(document.links[0].href="http://www.undug.net/#Target link you want to change#")


Finally, we can use this trick to edit cookies.

The following command was written by Dr_aMado from triviasecurity.net, but I modified it a bit so that it shows the cookie before the user edits it. You just need to copy it into the address bar:

javascript:alert(window.c=function a(n,v,nv){c=document.cookie;c=c.substring(c.indexOf(n)+n.length,c.length);c=c.substring(1,((c.indexOf(";")>-1)?c.indexOf(";"):c.length));nc=unescape(c).replace(v,nv);document.cookie=n+"="+escape(nc);return unescape(document.cookie);});alert('The cookie is: "'+document.cookie+'"');alert(c(prompt("The name of the cookie:",""),prompt("Change this value:",""),prompt("with this:","")));


To end, I must emphasize that the changes we made were only on the user's side! It is like saving the website on your PC and then modifying it. Nonetheless, using this trick you can still spoof a page (for example through its cookies) or get past the security verification of a page. For example, some pages will detect where the user sends the data from. If the data is sent from http://www.test.com/form.php to http://www.test.com/check.php, check.php may detect whether the data was sent from the form at http://www.test.com/form.php. Otherwise, if you plan to log into a page yourself javascript code, by using a few tricks like this, you will be able to change the image without changing it! But you will need a deeper level of knowledge than what is covered here.
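Server-side handling that makes the edits described above harmless, added here as an example and not part of the original article: the form recipient is looked up on the server instead of being read from the submitted mail field, and a cookie value is accepted only if its HMAC tag verifies. The names RECIPIENTS and COOKIE_KEY, the role cookie and the contact form id are assumptions made for the illustration.

```javascript
// Added example (not from the article): the server treats every
// client-controlled value as untrusted input.
const crypto = require('crypto');

// Constructed demo key; a real service loads it from secret storage.
const COOKIE_KEY = 'demo-only-key';

// Hypothetical form id -> recipient map kept on the server, so the page
// needs no editable "mail" field at all.
const RECIPIENTS = new Map([['contact', 'someone@somewhere.com']]);

// The tag covers name and value, so a value cannot be moved to another cookie.
function tag(name, value) {
  return crypto.createHmac('sha256', COOKIE_KEY)
    .update(`${name}=${value}`).digest('hex');
}

function signCookie(name, value) {
  return `${encodeURIComponent(value)}.${tag(name, value)}`;
}

// Returns the value, or null if the cookie was edited or is malformed.
function readCookie(name, raw) {
  const s = String(raw);
  const dot = s.lastIndexOf('.');
  if (dot < 0) return null;
  let value;
  try { value = decodeURIComponent(s.slice(0, dot)); } catch { return null; }
  const given = Buffer.from(s.slice(dot + 1));
  const expected = Buffer.from(tag(name, value));
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

function handleSubmission(formId, fields, rawRoleCookie) {
  const to = RECIPIENTS.get(formId);
  if (!to) return { ok: false, reason: 'unknown form' };
  const role = readCookie('role', rawRoleCookie);
  if (role === null) return { ok: false, reason: 'cookie failed integrity check' };
  // fields.mail is never read: the recipient comes from RECIPIENTS only.
  return { ok: true, to, role, message: String(fields.message || '') };
}
```

The same reasoning applies to the form.php/check.php check in the paragraph above: anything the browser sends with the request, including the page it claims to come from, is client-controlled and needs a server-verifiable proof rather than trust.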

If you have any questions or suggestions, please email me: kostis90gr@gmail.com