Wednesday, July 6, 2011

Basics of Javascript Injection

JavaScript is a widely used technology within websites and web-based applications. It can be used for all sorts of useful things and functions, but along with this come some additional security issues that need to be thought about and tested for: JavaScript can be used not only for good purposes but also for malicious ones.

JavaScript injection is a nifty little technique that lets you alter a site's contents without actually leaving the site, reloading the page, or saving the site to your desktop. It can be very useful when you need to change hidden data before it is sent to the server, say when you want to spoof the server by editing some form options. Let's start with some basic injection techniques. Take a form such as this one:

method=post>

Note: since this is the first form on the page, it is forms[0].

Say this form is used to email vital server information to the admin of the website. You can't just download the script and edit it, because the submit.php page looks for a referer. You can check what value a certain form element has by using this script:
javascript:alert(document.forms[0].to.value)
This is similar to the alert(document.cookie); discussed previously. In this case, it would pop up an alert that says [email protected]. So here's how to inject your email into it. You can use pretty much the same technique as the cookie editing shown earlier:
javascript:void(document.forms[0].to.value="[email protected]")
This would change the email of the form to be [email protected]. Then you could use the alert() script shown above to check your work, or you can couple both of these commands on one line. That completes this post about JavaScript injection; as you can see, all kinds of fun things can be done with these techniques. Use your imagination, and with a little work you can test your site and keep it secure from malicious hackers.

Posted by XERO. Thanks to NeoXdyne, testingsecurity.com

1 Visitor Reactions & Comments:

ro patel said...

Interesting blog you have here. I would like to invite you to join my contest @ my blog for a chance to win a free blog review from me. You should subscribe to my rss feed by email and let me know you have by commenting under the "Giveaway" post or emailing me and notifying you have entered the contest. Happy Blogging!