April 14, 2009

Don't be afraid of needles (JS Injection)

Prologue and Disclaimer

If you don't know HTML, go and learn it before you read this.
If you don't know JavaScript, I recommend you at least learn to read it.
This text is for educational purposes; I am not responsible for what you do with this information. I just hope you stay on the Light Side of the Force.

A Beautiful World

When I was young and reckless (two years ago) and I was starting out in the world of hacking, I was amazed by a thing called JavaScript injections. I would never have thought I could inject code into a page without any sophisticated tool, just my knowledge of JavaScript and my favorite browser, Firefox.

Know your World


In your URL bar write:

javascript:alert("Hello World")

and then hit enter. You should see a nice little pop-up that says Hello World.
I will explain the code:
1. javascript: - Introduces JavaScript code; the browser evaluates what follows in the context of the current page.
2. alert() - This function makes the little pop-up you saw before. The argument of the function is the message shown in the pop-up.

This function is very useful for seeing information the page does not display, like cookies:

javascript:alert(document.cookie)


1. document - represents the current page.
2. document.cookie - represents the cookies for that page (only the ones readable from script).
This code would show your current cookies.

Let's say we have this form:

<form action="/Neo.php" method="post">
<select name="message">
<option value="Take the blue pill">Take the blue pill</option>
</select>
<br>
<input type="submit" value="Send Message to Neo!">
</form>

In this case we do not want Neo to take the blue pill because we need him as the Chosen One. We need him to save us. So we have to send him a message that says "Take the red pill". There are several ways to do this (two of them are mentioned in the Annex below). I will explain the JS way.
In your URL bar write this:

javascript:alert(document.forms[0])


1. document.forms[x] - represents a form in the current page, where x is the index of the form, counting from zero. If we have three forms, the first one would be document.forms[0] and the last one document.forms[2].

Now write:

javascript:alert(document.forms[0].elements[0])


1. document.forms[0].elements[0] - represents an element in the form. In our form we have two elements: the select tag (document.forms[0].elements[0]) and the input tag (document.forms[0].elements[1]).

And now:

javascript:alert(document.forms[0].elements[0].options[0])


1. document.forms[0].elements[0].options[0] - represents an option in the select tag.

In our form we have just one option, and to see its value we do:

javascript:alert(document.forms[0].elements[0].options[0].value)


This code will alert "Take the blue pill".
So we finally have access to the thing we want to change.

Change your World


You can skip this only if you fully understand it.

Differences between = and == in common programming languages

I will explain this with a little example:


var yoda = 1000;
yoda = 200;
if (yoda == 200) {
    alert("yoda rocks!");
} else {
    alert("Chimichanga!");
}

In the first line = is used to assign 1000 to the variable yoda. By that I mean yoda's value is 1000. The same thing happens in the second line, where 200 is assigned to yoda. The expression (yoda == 200) is a comparison, not an assignment: if yoda equals 200 the condition in the if statement is true and it will alert that yoda rocks, otherwise it will alert Chimichanga. This code will always alert that yoda rocks because 200 is the last value assigned to the variable yoda.


To change the value of a variable from the URL bar we wrap the assignment in void(), which runs it and discards the result, so the browser does not replace the page with the value. Example:

<html>
<head>
<script type="text/javascript">
var c = 1000000;            // global: reachable from any script in the page
function counter() {
    document.getElementById('counter').innerHTML = "Seconds left: " + c;
    if (c == 0) {
        window.location = "http://google.com";
    } else {
        c = c - 1;
        setTimeout(counter, 1000);   // call again in one second
    }
}
</script>
</head>
<body onload="counter()">
<div id="counter"></div>
</body>
</html>


If we want to visit Google a bit faster we could do:

javascript:void(c=0)



You can skip this if you fully understood the code above.

function counter() explained

This function is a countdown that goes from 1000000 seconds to 0 (about 11 days), so the page only sends you to Google about 11 days after you load it. In the line c = 1000000; we see a global variable (the variable c). That global variable is responsible for the long wait before finally going to Google. Our advantage here is the fact that the variable is global, so we can change it with an injection using void(). If we change the value of the variable c to 0, we will immediately be redirected to google.com. That is why we use the injection javascript:void(c=0).

If you don't understand the code and you want to fully understand it (which would be advisable), go to http://www.w3schools.com and learn some JavaScript.


In our form we need to change the message, and it is almost the same as the code above:

javascript:void(document.forms[0].elements[0].options[0].value="Take the red pill")


It seems we did not do much, but our form is now injected. If you hit "Send Message to Neo!", the form will now send the right message to our savior. :)
And that is the way to make the world a better place with JS Injections. :)
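The form above shows why the select box is not a security control: the value that reaches Neo.php is whatever the browser was told to send. As an added example that is not part of the original post, here is how the receiving side would re-check the submitted message against the options it actually offered (written for Node.js, with the allowlist and the sample request bodies constructed to match the post's form):

```javascript
// Server-side check for the "message" field of the Neo form (added example).
// The browser-side <select> can be rewritten from the URL bar, so the handler
// must validate the value against the options it rendered, not trust the form.

// The only value the post's form legitimately offers. A real handler would
// build this from the same list used to render the <option> tags.
const ALLOWED_MESSAGES = new Set(["Take the blue pill"]);

// Parses an application/x-www-form-urlencoded POST body and returns
// { ok: true, message } only when exactly one "message" field was sent and
// its value is on the allowlist; otherwise { ok: false, reason }.
function validateMessage(rawBody) {
  // URLSearchParams decodes "+" as a space and "%xx" escapes, like a browser.
  const fields = new URLSearchParams(rawBody);
  const values = fields.getAll("message");
  if (values.length === 0) {
    return { ok: false, reason: "message field missing" };
  }
  if (values.length > 1) {
    return { ok: false, reason: "message field repeated" };
  }
  const message = values[0];
  if (!ALLOWED_MESSAGES.has(message)) {
    return { ok: false, reason: "message is not one of the offered options" };
  }
  return { ok: true, message };
}

// Constructed sample bodies: one from the untouched form, one sent after the
// option's value was rewritten with void(...value="Take the red pill").
const SAMPLE_BODIES = {
  untouched: "message=Take+the+blue+pill",
  tampered: "message=Take+the+red+pill",
};

// Runs every sample through the check and returns the results by name.
function checkSamples() {
  const results = {};
  for (const [name, body] of Object.entries(SAMPLE_BODIES)) {
    results[name] = validateMessage(body);
  }
  return results;
}

console.log(JSON.stringify(checkSamples(), null, 2));
```

The tampered body is refused even though it was submitted by the genuine form, which is the only defence that holds once the page's JavaScript has been modified in the visitor's own browser.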

Summary
- alert(something)
something == String or something == variable
- void(something = something_else)
something == variable and something_else == new value for something
- Enjoy :D

If you want to know more about injections I recommend learning JavaScript. These injections will make your life a bit easier.

Annex

You can make the same modifications to a form with Firebug (a Firefox extension), or by copying the source code of the page into a text editor (notepad, gedit, vim, emacs, etc.), modifying the code, saving it on your computer (as an .html file if you are on Windows) and then submitting the form (remember to change the form's action from action="/Neo.php" to action="http://ChosenOne.org/Neo.php").

Well, that's all folks! May the force be with you and accept Jesus Christ as your Savior!
