Donate to us!
Never in the field of human conflict was so much owed by so many to so few. - Winston Churchill
Saturday, June 23, 2018
 Need Help?
Members Online
Total Online: 94
Guests Online: 91
Members Online: 3

Registered Members: 105555
Newest Member: abhinavbahuguna
Latest Articles

Javascript Injections

Arrow Image Basics of javascript

Javascript Injections

These three things i will try to explain to you: Injection Basics, Cookie and Form Editing.
In these articles i will teach you only the super basics of javascript and for all those who want to learn more, google advanced

javascript injections :)


All you need for injecting this very useful stuff, is URL.
When you use them, delete the whole url bar, even http:// - leave your bar totally empty, and then...onto the injecting.

First thing your have to type is \'\' javascript: \'\' (without \'\' \'\')
That means we are using, guess what, javascript???
There are 2 main commands that you will use (sometimes even one) - they are: alert(); and void();

Now that we know something about this, we are going to make a simple task.
Go to any site and try to make a window appear saying: I got it

Try to do it on your own, and if you cant write it, look here:
javascript:alert(\'I got it\');

Cookies (yummy)

If you are not familiar with the term \'\'cookie\'\' please google it because i dont want to explain it now.
So, after you found out what cookies are, we will learn how to view them.
We will check them with a simple script like this:
Now, you will see a pop-up window displaying information on your cookies.

For editing, we have to use that void(); command
This script can change the existing info or create a new value.
Replace \'\'Field\'\' with an existing field or create a new values. Then replace \'\'Value\'\' with whatever you want.
This is a very popular script:
This alert(docu<i></i>ment.cookie); at the end will show you the effect of this script.


To edit the values, you can sometimes edit the downloaded html and submit whatever you want.
Then, the form comes up.
Every form is stored like this: forms[x]
X is the number which starts with 0 and goes on by order (1,2,3,...)
The most common situation will be that x is 0 so,.... forms[0]

I saw a challenge on HTS requiring to combine e-mail and javascript.
You cant download the script but you can check to see what value a certain form element has by using this script:

So, heres the example:
javascript:void(docu<i></i>ment.forms[0].to.value=\'\'your email\");alert(docu<i></i>ment.forms[0].to.value);
Again, just like the alert(docu<i></i>ment.cookie); at the end will show you the effect.

Another example goes like this (also from HTS):
Try to figure it out ;)

That\'s about it guys
Hope u rate it:)

Sauron (somewhere 666Diablo)


Sauronon March 08 2006 - 18:24:02
Ignore those <i></i>, Just delete them when using javascript. It is automatically set. Probably because of seecurity.
seljojojoon March 08 2006 - 18:29:59
nice, has everithing basicGrin
spywareon March 08 2006 - 21:53:13
Awesome --> must see for everyone that's new in JS-injecting! Keep writing dude, sql injections maybe Pfft?
Ilikeredpieon March 10 2006 - 14:46:20
ty so much this helped alot Grin
spywareon March 27 2006 - 20:33:01
This is stolen from here? Sorry if I am accusing you wrong...
Sauronon March 28 2006 - 09:23:01
Sry to disappoint you, but no...
spywareon March 28 2006 - 20:21:21
I am not disappointed, I'm sorry dude - the articles are very look-a-like. My mistake -- Nice article.
Sauronon March 28 2006 - 20:33:42
Well, all javascript articles are very similar. Think about it. What could u write that is different than the other article...not much, right Wink
sharpskater80on June 05 2006 - 08:25:01
You've got a point Sauron, but if you want other examples try looking at javascript objects and the js html dom page on w3schools. Pretty good introductory article though.
jtkodeon November 11 2006 - 03:24:08
um i have a problem when i put the whole javascript:alert(docu<i></i>ment.cookie); nothing happens i dont know what to do....
kaksiion March 07 2007 - 12:46:58
Nice article. Very good for beginners. Wink
Mizzleon October 05 2008 - 18:14:12
jtkode: Remove the '<i></i>' So you'll be using this... 'javascript:alert(document.cookie); Reason for this: It is automatically set Wink Hope this helps and good luck Smile
Post Comment


You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.