EssaysForStudent.com - Free Essays, Term Papers & Book Notes
Search

Basic Hacking: Javascript Injection Prank

By:   •  Study Guide  •  569 Words  •  December 14, 2009  •  1,515 Views

Page 1 of 3

Essay title: Basic Hacking: Javascript Injection Prank

Password Prank Javascript Injection

first things first, test it out.

in the url bar type the following

javascript:alert("hello")

"oh my god it said hello to me"

now try something like this

javascript:document.write("hello")

"oh my word a new page that says hello to me"

don't worry, this is going somewhere

now for some variables

javascript:void(a="hello); javascript:alert(a)

if your starting to understanding the concept you'll realize that somethings different. we set a variable to a and made it alert the value of a.

now heres where it gets more advanced.

go to a page with a login form like gmail.com and type this into the url bar

javascript:alert(document.forms[0].action)

the document function as you might have guessed documents something. as for the forms[0], your asking for the form (a type of html tag for those who dont know) and the number 0 (the first one on the page). and the action is where the form submits too.

now what were to happen if we were to change this value through a void, try it

javascript:void(document.forms[0].action="http://www.google.com"); javascript:alert(document.forms[0].action)

oh wow it changed, but what does that mean? try clicking the log in button. there ya go. so, it just sends me to google big deal. keep reading, the pay off is comming.

so now try this, put something in the username box and something else in the password box (these will be comming up in a popup so dont put your real information if anyones around)

javascript:alert(document.forms[0].elements[0].value)

like before forms[0] gives you the first form. but now elements[0].value gives you what the first element contains. so now to accomplish our goal change the elements[0].value to elements[1].value. and then elements[2].value and so on and so forth until you find what you put in the username and what you put in the password.

now before we continue one last thing you need to learn.(warning this will freeze your browser, opening a different window is recommended)

javascript:while(1) alert("loop")

the

Download as (for upgraded members)  txt (3.7 Kb)   pdf (78.3 Kb)   docx (11.6 Kb)  
Continue for 2 more pages »