Disclaimer: This site is for learning purposes only! Anyone looking to commit a crime, must leave this page now! We do not encourage or approve illegal acts nor criminal activity of any sort. Using these skills outside of these sites could result in arrest and imprisonment!
Introduction: In this tutorial we are going to teach you all the basics you need to know, to start hacking with Javascript Injections. Hackers use Javascript Injections to find and change the values of elements in a website. We can use Javascript for 3 things: Alerts Cookies forms and values. And we have two types of injections we will use:
Alert and Void. We use the Javascript Alert Injection to find out what an element is. And we use the Javascript Void Injection to change that element. The Javascript Void Injection prevents your page from refreshing. This ensures your changes are valid on your current page. While this can be done on any browser, most do not support this straight out of the box. The best browser to use while doing this is Internet Explorer.
The Javascript Alert injection
It is used to show you the value of an element within the site via a pop up. A Javascript Alert is written like this javascript:alert(); So in order to show the cookies on the site; we could write javascript:alert(document.cookie); in address bar and press enter. This would show us a list of the cookies in use. Which we can use as valuable knowledge to make our attack via a injection.
Javascript Void Injection
It is used for changing the values of elements within the site. The void injection makes sure your web browser does not refresh. This ensures your changes validity on the current page your editing. We could use this to change the value of a cookie we found using our Alert Injection. For that we would write the following:
Javascript Form Injections:
You can use the methods learned above to edit forms as well. Through editing forms you can have valuable information like passwords emailed to you. But forms require the code to be written a little bit different. For example let’s say the form code was the following:
Share This Article on Facebook
Introduction: In this tutorial we are going to teach you all the basics you need to know, to start hacking with Javascript Injections. Hackers use Javascript Injections to find and change the values of elements in a website. We can use Javascript for 3 things: Alerts Cookies forms and values. And we have two types of injections we will use:
Alert and Void. We use the Javascript Alert Injection to find out what an element is. And we use the Javascript Void Injection to change that element. The Javascript Void Injection prevents your page from refreshing. This ensures your changes are valid on your current page. While this can be done on any browser, most do not support this straight out of the box. The best browser to use while doing this is Internet Explorer.
The Javascript Alert injection
It is used to show you the value of an element within the site via a pop up. A Javascript Alert is written like this javascript:alert(); So in order to show the cookies on the site; we could write javascript:alert(document.cookie); in address bar and press enter. This would show us a list of the cookies in use. Which we can use as valuable knowledge to make our attack via a injection.
Javascript Void Injection
It is used for changing the values of elements within the site. The void injection makes sure your web browser does not refresh. This ensures your changes validity on the current page your editing. We could use this to change the value of a cookie we found using our Alert Injection. For that we would write the following:
javascript:void(document.cookie=”hackedcookie=value”);
You would just replace hackedcookie with the cookie you want to change. And value to that which the cookie needs to be set to. For example you could use true This could make the cookie valid and grant you access to the site.Javascript Form Injections:
You can use the methods learned above to edit forms as well. Through editing forms you can have valuable information like passwords emailed to you. But forms require the code to be written a little bit different. For example let’s say the form code was the following:
<form action=” http://www.test.com /submit.php” method=”post”> <input type=”hidden” name=”to” value=”info@ test.com”>
you would need to write:
javascript:void(document.forms[0].to.value=”myemail@ tester.com”);
in order to change the email of the form. When Javascript Injecting a form you need to let it know which form you want to change. Incase there are multiple forms on the page. The form is referenced by forms[x]‘, x being which form. The first form on the page is 0. Just like when counting arrays you start with 0 not 1. And you can change to.value to any part of the form you wantShare This Article on Facebook