What is a JavaScript injection attack?
JavaScript injection means entering a piece of JavaScript code into the browser address bar to change the page's JavaScript variables and HTML elements.
With JavaScript injection, a user can change a page's content without closing or saving the page; everything is done from the browser's address bar. The syntax of the command is as follows:
javascript:alert(#command#)
For example, if you want to see an alert warning box on the http://www.example.com site, first enter the URL in the address bar and wait for the page to load, then delete the URL and enter:
javascript:alert("Hello World")
as the new URL. This pops up a Hello World alert box. The same technique can change almost anything on a web page, such as a picture. Suppose there is a website logo image, and by looking at the page source we find this HTML:
<IMG Name=hi SRC=hello.gif>
The image is named hi and its source file is hello.gif. We want to change it to the bye.jpeg file stored on our site (http://www.mysite.com), so the full URL of the image is http://www.mysite.com/bye.jpeg. Using JavaScript injection, we just need to enter this in the address bar:
javascript:alert(document.hi.src="http://www.mysite.com/bye.jpeg")
You will see an alert box showing http://www.mysite.com/bye.jpeg, and the image is changed. Note that these changes are only temporary! If you refresh the page or open it again, your changes disappear, because you made them only on your PC, not on the web server.
Using the same method we can view or change the value of a variable. For example, we find a piece of code like this on a web page:
<SCRIPT LANGUAGE=JavaScript> var a="test" </SCRIPT>
It means that the value of variable a is test. To view it, we enter:
javascript:alert(a)
Then we change its value to hello:
javascript:alert(a="hello")
JavaScript injection is often used to change form properties. Suppose there is a piece of code like this:
<form name=format action=send.php method=post>
<input type=hidden name=mail value="[email protected]">
<input type=text name=name>
<input type=submit value=submit>
</form>
We want the form to be sent to our mailbox, not [email protected]. You can use the following command:
javascript:alert(document.format.mail.value="[email protected]")
Maybe you have noticed the hierarchy of these commands:
Let's explain it in order from left to right:
1) document is at the far left
2) Then comes the name of the object we want to change (such as document.hi.src) or the object that contains it (such as document.format.mail.value)
3) Finally comes the attribute we want to change (such as the source path in document.hi.src, or the field value in document.format.mail.value)
4) The parts are separated by dots (.)
5) When we want to change the attribute value, we use the = sign followed by the new attribute value
*Note: When the new attribute value is a string (for example: [email protected]) it needs to be enclosed in double quotes.
If we want to use it as a value for a variable, we don't need to use double quotes. For example, if we want to assign the value of variable b to variable a, we can enter javascript:alert(a=b).
However, most tags in the page do not have names, such as:
<form action=send.php method=post>
<input type=hidden name=mail value="[email protected]">
<input type=text name=name>
<input type=submit value=submit>
</form>
There is no form name in this code. Based on the above information, you can use this command:
javascript:alert(document. [email protected])
In this case we must count and find the form sequence number, and the following is an example:
<form action=send.php method=post>
<input type=text name=name>
<input type=submit value=submit>
</form>
<form action=send.php method=post>
<input type=hidden name=mail value="[email protected]">
<input type=text name=name>
<input type=submit value=submit>
</form>
<form action=send.php method=post>
<input type=text name=name>
<input type=submit value=submit>
</form>
In the above code we see 3 forms, but we are only interested in the second one, so the form number we want is 2. Don't forget that we count from 1 (1, 2, 3, 4...) while JavaScript counts from 0 (0, 1, 2, 3...), so the real form number is 1, not 2. In general we have to subtract one from the form number we counted. We use this index to complete our command:
javascript:alert(document.forms[1].mail.value="[email protected]")
In the same way you can change an image or link that has no name, by replacing forms with the collection for the tag type you want. For images:
javascript:alert(document.images[3].src=#the url of the picture you want#)
For links:
javascript:alert(document.links[0].href=#the url you want#)
Finally, we can use this technique to edit cookies. The following command was written by Dr_aMado from triviasecurity.net; I modified it only slightly so that it displays the cookie before the user edits it. You just need to copy it into the address bar:
javascript:alert(window.c=function a(n,v,nv){c=document.cookie;c=c.substring(c.indexOf(n)+n.length,c.length); c=c.substring(1,( (c.indexOf(";")>-1) ? c.indexOf(";") : c.length));nc=unescape(c).replace(v,nv); document.cookie=n+"="+escape(nc); return unescape(document.cookie);}); alert('The cookie is: '+document.cookie+''); alert(c(prompt("The name of the cookie:",""), prompt("Change this value:",""), prompt("with this:","")));
If you want to manually change your cookie, you can use the following command:
javascript:alert(document.cookie)
This displays your current cookie. Assuming it is userid=1 and you want to change it to userid=2, you can use the following command:
javascript:alert(document.cookie="userid=2")
Finally, I have to emphasize that all of these changes happen only on the client side! It is like saving a web page on your PC and modifying it. Even so, this trick can still fool the page (for example through cookies) or bypass security verification. For example, some web pages check where the user sent the data from. If you send data from http://www.test.com/form.php to http://www.test.com/check.php, check.php may check whether the data comes from the form on http://www.test.com/form.php. Besides that, if you plan to enter your own JavaScript code into the page, some of these tricks let you change the picture and leave it that way!
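Because the hidden mail field and the userid cookie can both be edited from the address bar as shown above, the server must not trust either one. The following Node.js sketch is an added example, not code from the original article: the names SECRET, RECIPIENT, signCookie, verifyCookie and handleSubmit are assumptions made for illustration, and the sample values are constructed.

```javascript
// Added example: server-side handling that survives the client-side edits above.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-key";   // assumption: real key lives in server config
const RECIPIENT = "support@example.com"; // assumption: fixed on the server, never read from the form

// Cookie value is "userid=<id>.<hex HMAC>", so an edited id no longer matches its tag.
function signCookie(userid) {
  const body = `userid=${userid}`;
  const tag = crypto.createHmac("sha256", SECRET).update(body).digest("hex");
  return `${body}.${tag}`;
}

// Returns the numeric user id, or null when the cookie is unsigned or altered.
function verifyCookie(cookie) {
  const dot = cookie.lastIndexOf(".");
  if (dot < 0) return null; // e.g. the result of document.cookie="userid=2"
  const body = cookie.slice(0, dot);
  const tag = Buffer.from(cookie.slice(dot + 1), "hex");
  const expected = crypto.createHmac("sha256", SECRET).update(body).digest();
  // Length check first: timingSafeEqual throws on buffers of different size.
  if (tag.length !== expected.length || !crypto.timingSafeEqual(tag, expected)) return null;
  const m = /^userid=(\d+)$/.exec(body);
  return m ? Number(m[1]) : null;
}

// Handler for a send.php-style submission: the hidden "mail" field is ignored
// as a destination and only used to flag that the form was modified.
function handleSubmit(form, cookie) {
  const userid = verifyCookie(cookie);
  if (userid === null) return { ok: false, reason: "bad cookie" };
  const tampered = "mail" in form && form.mail !== RECIPIENT;
  return { ok: true, userid, to: RECIPIENT, tampered };
}
```

The tampered flag is useful as a detection signal in logs; the request is still delivered only to the server-side recipient.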