Javascript Injection

Okay, I am learning different things about hacking, using http://HackThisSite.org. And one of the things is Javascript Injection. Personally, I found this really fun and it peaked my interest in JavaScript.

Okay, here goes.

Javascript Injection

Okay, for this you might want to sign up with http://HackThisSite.org just to have something to practice on.
This tutorial will cover the Basic 4 and 5 challenges in HTS.

Okay, if you want to inject JS code into a website, (let's just use this blog for easy access, don't worry, we won't screw anything up.) you type your JS code into the URL bar.

Let's do a simple alert message.

Javascript:alert("Hello World!!");


Type that in and you will get a message box saying Hello World!!. You can also have two commands on the same line, like this:


Javascript:alert("Hello"); alert("World!!");


That would display two alert boxes, one saying Hello and one saying World!!.


Cookie Editing
Okay, here is another use that you can do with JS, one of the ones that you will use a lot if you use JS injection. It's called cookie editing, you can display the cookies like this:

Javascript:alert(document.cookie);


That would display all the cookies on the page you are on. Try it now on this page, what do you get? You will probably get nothing, but you should try this on different websites and see what you get.

Now, if you want to set a cookie or add a new value to a cookie, you would do it like this:

Javascript:void(document.cookie="Cookie = Value")


So, let's say that we want to make a new cookie for this page, let's call it Authorized and set the value to yes.
You would do it like this:

Javascript:void(document.cookie="Authorized = yes")




Okay, this makes sense, you say. But what does this have to do with HTS?
Well, for the basic mission #4 you have to change the email address that it sends the password to, (it won't actually send anything to you, though.)
To do that you have to change the value of that particular variable.

If you look at the source code of that part in the page, you get this:

<form action="/missions/basic/4/level4.php" method="post">
<input type="hidden" name="to" value="webmaster@hulla-balloo.com"><input type="submit" value="Send password to Sam"></form></center><br /><br /><center><b>Password:</b<>br />
<form action="/missions/basic/4/index.php" method="post">
<input type="password" name="password"><br /><br />
<input type="submit" value="submit"></form>

Now, when someone is using a form, the forms in the page are numbered, the first form being forms[0].
To see what the form has in it, then go to the page and type this in:

Javascript:alert(document.forms[0].to.value);


It will give you webmaster@hullabaloo.com or something.

Now, if you want to change a form with JS, you would use the void command again, like this:

Javascript:void(document.forms[0].to.value="youremail@techflavored.com")


That changes the value from webmaster@hullabaloo.com to whatever you put in there.

If you are a Javascript guru, you can see that you can do a lot using JS injection.


URL Javascript Programs
Okay, I got bored and decided to write a one line program using Javascript, here is what I got:

javascript:c=window.open('','','width=200,height=100'); c.document.writeln('<html><head><script type="text/javascript">function OpenBox() { alert("Cookies: " + document.cookie); } </script><center> <br /><input type="button" name="Something" onclick="OpenBox()" value="View Cookies"><br /><br />Help: Just click the button. </center></body></html>');

Long isn't it? Well, if you copy and paste that into the URL bar here, and hit enter, it will give you a new window with a button and wen you click the button, it will show you the cookies. Try it now.

But notice this part:

c=window.open('','',width=200,height=100')


That names the window c.
Now, for when I am writing to the window, you have to use a code like this:

c.document.writeln('BlahBlah.');


That would write BlahBlah to the window.
Get it?

Try writing your own single line program, then post it here, show us what you can do!



~Elec0