What is a JavaScript injection attack?
JavaScript injection, in the sense used here, means typing a piece of JavaScript into the browser's address bar so that it runs against the page currently loaded and changes that page's variables and tags.
Because the code runs inside the loaded page, the user does not need to close or save the page to change its content; everything is done from the address bar. Note that current browsers deliberately get in the way of this: they strip the javascript: prefix from text pasted into the address bar or refuse to run such URLs from it at all, and the same commands are usually run from the developer-tools console instead. The syntax of the command is:
javascript:alert(#command#)
For example, to make an alert box appear on http://www.example.com, first enter the URL in the address bar and wait for the page to load, then delete the URL and enter:
javascript:alert("Hello World")
as the new URL. A box reading "Hello World" pops up. With the same technique almost any content on the page can be changed, for example an image. Suppose the site has a logo image and, viewing the page source, we find this HTML:
<IMG Name="hi" SRC="hello.gif">
The image is named "hi" and its source file is "hello.gif". We want to replace it with the file "bye.jpeg" stored on our own site (http://www.mysite.com), so the full URL of the new image is http://www.mysite.com/bye.jpeg. Using JavaScript injection, we only need to enter the following in the address bar:
javascript:alert(document.hi.src="http://www.mysite.com/bye.jpeg")
An alert box shows "http://www.mysite.com/bye.jpeg" (an assignment expression evaluates to the assigned value, which is why alert() displays it), and the image then changes. Note that the change is only temporary: refreshing the page or logging in again brings the original back, because the change was made only in your browser's copy of the page, not on the web server.
The same method can view or change the value of a variable. Suppose we find this code on the page:
<SCRIPT LANGUAGE="JavaScript"> var a="test" </SCRIPT>
which means variable a holds the value "test". To see that value, enter:
javascript:alert(a)
To change it to "hello":
javascript:alert(a="hello")
JavaScript injection is most often used to change form attributes. Suppose a page contains this code:
<form name="format" action="send.php" method="post"> <input type="hidden" name="mail" value="[email protected]"> <input type="text" name="name"> <input type="submit" value="submit"></form>
We want the form to be sent to our own email address rather than the one in the hidden field. The command is:
javascript:alert(document.format.mail.value="[email protected]")
You may have noticed the hierarchical structure of these commands. Reading from left to right:
1) The leftmost part is document
2) Then comes the name of the object we want to change (document.hi) or of the object that contains it (document.format.mail)
3) Finally comes the attribute we want to change (the source path in document.hi.src, or the field value in document.format.mail.value)
4) The parts are separated by "."
5) To change the attribute's value, we write "=" followed by the new value
*Note: when the new value is a string (such as document.format.mail.value="[email protected]"), it must be enclosed in quotation marks.
If the new value is another variable, no quotation marks are used. For example, to assign the value of variable b to variable a, enter javascript:alert(a=b).
However, most tags on a page have no name, for example:
<form action="send.php" method="post"> <input type="hidden" name="mail" value="[email protected]"> <input type="text" name="name"> <input type="submit" value="submit"></form>
Here the form has no name, so there is nothing to put in the place where the name would go, and a command of this shape cannot be written:
javascript:alert(document. .mail.value="[email protected]")
In this case we must count the forms on the page and use the form's position instead. For example:
<form action="send.php" method="post"> <input type="text" name="name"> <input type="submit" value="submit"> </form> <form action="send.php" method="post"> <input type="hidden" name="mail" value="[email protected]"> <input type="text" name="name"> <input type="submit" value="submit"> </form> <form action="send.php" method="post"> <input type="text" name="name"> <input type="submit" value="submit"> </form>
The code above contains three forms, and we are interested in the second one, so counting from 1 its position is 2. But JavaScript counts from 0 (0, 1, 2, 3, ...), so the index we need is 1, not 2. In general, subtract one from the position you counted. The command becomes:
javascript:alert(document.forms[1].mail.value="[email protected]")
Nameless images and links are changed the same way: replace "forms" with the collection for the tag type you want. For images:
javascript:alert(document.images[3].src="#the url of the picture you want#")
For links:
javascript:alert(document.links[0].href="#the url you want#")
Finally, the same trick can edit cookies. The following command was written by Dr_aMado of triviasecurity.net; I only changed it slightly so that it displays the cookie before the user edits it. Copy and paste it into the address bar:
javascript:alert(window.c=function a(n,v,nv){c=document.cookie;c=c.substring(c.indexOf(n)+n.length,c.length); c=c.substring(1, ( (c.indexOf(";")>-1) ? c.indexOf(";") : c.length));nc=unescape(c).replace(v,nv); document.cookie=n+"="+escape(nc);return unescape(document.cookie);}); alert('The cookie is: "'+document.cookie+'"');alert(c(prompt("The name of the cookie:",""), prompt("Change this value:",""),prompt("with this:","")))
The function takes the cookie name, the text to replace inside its value and the replacement, rewrites that one cookie, and returns the resulting document.cookie; the three prompts supply those arguments. Because it locates the cookie with indexOf(n), a name that also occurs inside another cookie's name (for example "id" inside "userid") matches the wrong cookie.
If you prefer to change the cookie by hand, use:
javascript:alert(document.cookie)
This displays your current cookie string; assuming it is "userid=12", the value is changed with:
javascript:alert(document.cookie="userid=2")
Assigning to document.cookie adds or replaces only the cookie named in the string and leaves the others alone. Cookies set with the HttpOnly flag never appear in document.cookie and cannot be read or changed this way.
Finally, I must stress again that all of these changes happen on the client side only, exactly as if you had saved the page to your PC and edited it there. Even so, the trick can deceive a page that trusts what the client sends (cookies, hidden form fields) or bypass checks performed on the client. For example, some pages check where submitted data came from: if form.php on http://www.test.com sends data to check.php on the same site, check.php may verify that the data came from the form on http://www.test.com/form.php. Edits made in the address bar pass such a check, because the tampered form is still submitted from the real page; the server has to validate the submitted data itself and must not rely on hidden fields or unsigned cookies. In addition, if you are able to place your own JavaScript code on the page itself, you can use the same tricks to change the image and keep it changed.
That's all for this article, I hope it will be helpful for your learning, and I also hope everyone will support the Naya Tutorial.