Tentang IT dan Komputer

Teknologi Informasi

11.22.06 09.14.06 JavaScript Injection

Posted by intrik on April 26, 2007

However, with this technique someone can alter almost everything in a page.For example an image.Lets suppose that there is an image
with the site’s logo.By viewing the source of the page (This can be done by going to View-Source) we find this piece of HTML code:

So there is an image named “hi” and the source of it is “hello.gif”.We want to change this to bye.jpeg that is stored on our site http://www.mysite.com
So the full URL of our image is http://www.mysite.com/bye.jpeg
Using JavaScript Injection we type in the adress bar:

javascript:alert(document.hi.src=”http://www.mysite.com/bye.jpeg”)

You will see an alert saying http://www.mysite.com/bye.jpeg and after that the image will be changed.Notice though that those
changes are temporary!If you refresh the page or enter it again your changes will be lost,because you dont alter the site in the server
but in your PC.

Using the same way we can view or change the value of variables.For example we find this piece of code in the site’s source:

var a=”test” This means that the variable with the name a has the value “test”.In order to view the value of the variable we would type:

javascript:alert(a)

and in order to change it from test to hello:

javascript:alert(a=”hello”)

However Javascript Injection is mostly used in changing form’s attributes.Thats the piece of code we have:

We want the form to be sent to our mailbox and not to someone@somewhere.com
This can be done by this command:

javascript:alert(document.format.mail.value=”me@ha cker.com”)

As you have noticed by now we always use a hierarchy in the items we edit:
We start from the bigger to the smaller:

1)We started with document
2)we typed the name of the object we wanted to alter (for example document.hi.src) or the item in which it belonged and then the
name of it (for example document.format.mail.value)
3)Lastly we ended in the attribute of the item we wanted to change (for example its source: document.hi.src, or its value: document.format.mail.value)
4)We separated the words using dots (.)
5)When we wanted to change an attribute we used the equal sign (=) and the new attribute.
*NOTE:We use “” when the new attribute is a character string (for example: document.format.mail.value=”me@hacker.com”)
If we wanted it to be the value of a variable we wouldnt used the “”.For example we want to change the variable a’s value to
the value of variable b.We would type javascript:alert(a=b)

However most items in a page have no name.For example:

In this code the form’s name is missing.Using all the above, the command would look like this:

javascript:alert(document. .mail.value=”me@hacker.com”)

In this case we will have to count all the forms to find out the form’s number.I will use an example:

In this code we see 3 forms,but the one we are interested in is the second.So the number of the form we want is 2.
We must not forget that we start counting from number 1.We say 1,2,3,4… However in JavaScript the counting starts from
number 0.it goes 0,1,2,3 etc
So the actual number of the form is number 1 not 2.In general find the number of the form and take out one (number-1).
We will use this number to fill in the gap in our command:

javascript:alert(document.forms[1].mail.value=”me@hacker.com”)

Like this you can change images or links that have no name.To do that just change “forms” to the type of item you want to change:

For Images it would be javascript:alert(document.images[3].src=”#the url of the picture you want#”)
For links it would be javascript:alert(document.links[0].href=”http://sanyasyari.com/#the url you want#”)

Lastly,we can use this technique to edit cookies.
The command is the following and was written by Dr_aMado from triviasecurity.net,but i altered it a bit so that it shows the cookie before the user edits it.
Just copy-paste this line to the adress bar:

javascript:alert(window.c=function a(n,v,nv){c=document.cookie;c=c.substring(c.indexO f(n)+n.length,c.length);c=c.substring(1,((c.indexO f(”;”)>-1) ? c.indexOf(”;”) : c.length));nc=unescape(c).replace(v,nv);document.c ookie=n+”=”+escape(nc);return unescape(document.cookie);});alert(’The cookie is: “‘+document.cookie+’”‘);alert(c(prompt(”The name of the cookie:”,””),prompt(”Change this value:”,””),prompt(”with this:”,””)));

As a conclusion,i must stress that the changes are made only on the user’s side!It’s like saving the site in your PC and then modifying it.However,
using this technique you can trick a page (for example with cookies) or pass the reference security of a page.For example some pages check from
where the user sends the data.Specifficaly if the data from http://www.test.com/form.php was sent to http://www.test.com/check.php, check.php possibly
would check if the data was sent from the form in http://www.test.com/form.php Except for that,if you manage to enter your own JavaScript code in a page,
using something like this technique you will be able to alter pictures and staff like that permanently!However you need further knowledge than the one
which is provided here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: