Search
 
 

Display results as :
 


Rechercher Advanced Search

Latest topics
» NewBlueFx TotalFX Windows-FL | 1.11 GB
Tue Dec 17, 2013 12:42 pm by titquarra

» NewBlueFx TotalFX Windows-FL | 1.11 GB
Tue Dec 17, 2013 12:42 pm by titquarra

» Celebrity.Sex.Tape.UNCUT.&.UNRATED.2012.720p.BRrip.x264.YIFY.mp4
Tue Dec 17, 2013 8:32 am by titquarra

» Maya Autodesk Personal Learning Edition 8.5
Tue Dec 17, 2013 7:47 am by titquarra

» Tuyệt Kỹ Đong Giai Chân Kinh (tuyệt Kỹ cua trai)
Thu Aug 23, 2012 5:38 am by Admin

» Tuyệt kỹ cua giai
Thu Aug 23, 2012 5:36 am by Admin

» NETCAT.........
Mon Aug 13, 2012 6:35 am by Admin

» Bảo mật CSDL bằng phương pháp mã hóa.
Tue Apr 17, 2012 10:04 pm by Admin

» Hàm mã hóa MD5 bằng JavaScript
Tue Apr 17, 2012 10:03 pm by Admin

Shopmotion


Affiliates
free forum


Javascript Injection Attacking method

View previous topic View next topic Go down

Javascript Injection Attacking method

Post  Admin on Thu Oct 21, 2010 7:23 pm

Interested in javascript injection? Good! It's one of the most fun exploits out there. A couple things you can do with it (depending on how well the admin secured the site) is to set countdowns to 0 (for downloads and stuff), change gender to 'Alien' or whatever you want (on your profile), and other fun stuff.

I'm not going to go in to very much detail with this because last time I did that I accidently deleted my article and I don't feel like doing it all over again. Let's look at a basic input and learn what we can do to change it:

<form name"buy" method="POST" action="">
<input type="hidden" name="item" value="book">
<input type="hidden" name="price" value="20.00">
</form>

<form name="buy" method="POST" action="">
<input type="hidden" name="item" value="laptop">
<input type="hidden" name="price" value="999.99">
</form>

Okay, let's say this is a shopping form. I have actually seen something very similar to this, only you got hosting with it. So, you probably know that computer arrays start at 0. You usually enter javascript injection to the url bar, so let's look at how to set the price of the laptop to $0.00!

javascript:void(document.forms[1].price.value="0.00");

Now, the javascript: part means we are entering javascript (obviously), the void function means we are changing something. We then type document. to say it's on this page, or we are editing something on this page. Then, when we get to the forms
part, we are choosing which form to edit. Since we said forms[1], we are editing the second one. We then select by name which input we want to change and put the name there (we are using price.) then we are going to set the value of it (since that's where the price is). So we say value="0.00" to set it to $0.00.

Isn't that lovely? You can also edit cookies like this:

javascript:void(document

Admin
Admin

Tổng số bài gửi : 782
Join date : 2009-08-15

View user profile http://hackis.forumotion.com

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum