Thursday, September 6, 2007

Inline javascript - Tutorial

Using Inline Javascript the user can alter things in a website without having to leave it or save the page in his PC. This is done using the address bar from his browser. The syntax of the commands looks like this:

For displaying the code I have replaced javascript with javascrit, and <> tag with [] please replace it before using the code

CODE :
javascrit:alert(#command#)


For example, if you want to see an alert inside the http://www.example.com site, type the URL in the adress bar and when the
page loads, delete the URL and type:

CODE :
javascrit:alert("Hello World")


As a new URL. This way an alert will show up saying 'Hello World'. However, with this technique someone can alter almost everything in a page. For example an image. Lets suppose that there is an image with the site's logo. By viewing the source of the page (This can be done by going to View-Source) we find this piece of HTML code:

CODE :
[IMG Name="hi" SRC="hello.gif"]


So there is an image named "hi" and the source of it is "hello.gif". We want to change this to "bye.jpeg" that is stored on our site http://www.mysite.com. So the full URL of our image is http://www.mysite.com/bye.jpeg
Using Inline javascript we type in the adress bar:

CODE :
javascrit:alert(document.hi.src="http://www.mysite.com/bye.jpeg")


You will see an alert saying http://www.mysite.com/bye.jpeg and after that the image will be changed. Notice though that those changes are temporary! If you refresh the page or enter it again your changes will be lost, because you dont alter the site in the server but in your PC.

Using the same way we can view or change the value of variables. For example we find this piece of code in the site's source:

CODE :

[SCRIPT LANGUAGE="javascrit"]
var a="test"
[/SCRIPT]


This means that the variable with the name a has the value "test". In order to view the value of the variable we would type:

CODE :
javascrit:alert(a)


And in order to change it from 'test' to 'hello':

CODE :
javascrit:alert(a="hello")


However Inline Javascript is mostly used in changing form's attributes. Thats the piece of code we have:

CODE :

[form name="format" action="send.php" method="post"]
[input type="hidden" name="mail" value="someone@somewhere.com"]
[input type="text" name="name"]
[input type="submit" value="submit"][/form]


We want the form to be sent to our mailbox and not to someone@somewhere.com
This can be done by this command:

CODE :
javascrit:alert(document.format.mail.value="me@hacker.com")


As you have noticed by now we always use a hierarchy in the items we edit:
We start from the bigger to the smaller:

1) We started with document

2) We typed the name of the object we wanted to alter (for example document.hi.src) or the item in which it belonged and then the name of it (for example document.format.mail.value)

3) Lastly we ended in the attribute of the item we wanted to change (for example its source: document.hi.src, or its value: document.format.mail.value)

4) We separated the words using dots (.)

5) When we wanted to change an attribute we used the equal sign (=) and the new attribute.

*NOTE: We use "" when the new attribute is a character string (for example: document.format.mail.value="me@hacker.com")
If we wanted it to be the value of a variable we wouldnt used the "". For example we want to change the variable a's value to
the value of variable b.We would type javascrit:alert(a=b)

However most items in a page have no name. For example:

CODE :

[form action="send.php" method="post"]
[input type="hidden" name="mail" value="someone@somewhere.com"]
[input type="text" name="name"]
[input type="submit" value="submit"][/form]


In this code the form's name is missing. Using all the above, the command would look like this:

CODE :
javascrit:alert(document. .mail.value="me@hacker.com")


In this case we will have to count all the forms to find out the form's number. I will use an example:

CODE :

[form action="send.php" method="post"]
[input type="text" name="name"]
[input type="submit" value="submit"]
[/form]

[form action="send.php" method="post"]
[input type="hidden" name="mail" value="someone@somewhere.com"]
[input type="text" name="name"]
[input type="submit" value="submit"]
[/form]

[form action="send.php" method="post"]
[input type="text" name="name"]
[input type="submit" value="submit"]
[/form]


In this code we see 3 forms, but the one we are interested in is the second. So the number of the form we want is 2.
We must not forget that we start counting from number 1. We say 1,2,3,4... However in JavaScript the counting starts from number 0.It goes 0,1,2,3 etc.

So the actual number of the form is number 1 not 2. In general find the number of the form and take out one (number-1).
We will use this number to fill in the gap in our command:

CODE :
javascrit:alert(document.forms[1].mail.value="me@hacker.com")


Like this you can change images or links that have no name. To do that just change "forms" to the type of item you want to change:

For Images it would be:

CODE :
javascrit:alert(document.images[3].src="#the url of the picture you want#")


For links it would be:

CODE :
javascrit:alert(document.links[0].href="#the url you want#")


Lastly, we can use this technique to edit cookies.
The command is the following and was written by Dr_aMado from triviasecurity.net, but i altered it a bit so that it shows the cookie before the user edits it.

Just copy-paste this line to the adress bar:

CODE :

javascrit:alert(window.c=function a(n,v,nv){c=document.cookie;c=c.substring(c.indexOf(n)+n.length,c.length);c=c.substring(1,((c.indexOf(";")>-1) ? c.indexOf(";") : c.length));nc=unescape(c).replace(v,nv);document.cookie=n+"="+escape(nc);return unescape(document.cookie);});alert('The cookie is: "'+document.cookie+'"');alert(c(prompt("The name of the cookie:",""),prompt("Change this value:",""),prompt("with this:","")));


** Added by Kane:
If you would like to edit your cookies manually, then this command will do that for you.

CODE :
javascrit:alert(document.cookie)


That will show you your current cookie. Say for example, that is 'userid=1'. You want to change that to 'userid=2'. You would use the following command:

CODE :
javascrit:alert(document.cookie="userid=2")


As a conclusion, i must stress that the changes are made only on the user's side! It's like saving the site in your PC and then modifying it. However, using this technique you can trick a page (for example with cookies) or pass the reference security of a page.

For example some pages check from where the user sends the data. Specifically if the data from http://www.test.com/form.php was sent to http://www.test.com/check.php
check.php would possible check if the data was sent from the form in http://www.test.com/form.php
Except for that, if you manage to enter your own JavaScript code in a page, using something like this technique you will be able to alter pictures and staff like that permanently!
However you need further knowledge than the one which is provided here

15 comments:

Anonymous said...

I use javascript URIs all the time for testing webpages and createing bookmarklets.

You don't need an alert() though for everything. Just type:
javascript:(function(){document.body.style.border = "1px solid red";})()
for example.

Also, if you're going to provide the javascript URI for others, make sure its data is properly-encoded.

For example:
javascript:(function()%7Bdocument.body.style.border%20%3D%20%221px%20solid%20red%22%3B%7D)()

This is important when your javascript data contains a URI itself that contains encoded querystring data.

For example:
javascript:(function()%7Bwindow.open(%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dsomething%2520with%2520spaces%22)%3B%7D)()

Anonymous said...

Yo thx d00d

Anonymous said...

молоденькую жестко онлайн http://free-3x.com/ молодые порно фото 18 free-3x.com/ студенческое видео фото [url=http://free-3x.com/]free-3x.com[/url]

Prototype said...

it was a bit hard to follow the presentation of the material, but it works great, and i greatly appreciate your contribution.

Anonymous said...

Die wenigsten Menschen glauben heutzutage noch an eine vom Schicksal bestimmte Liebe à la Jane Austen. Trotzdem tun viele nichts anderes, als Daeumchen drehen und von der Traumfrau traeumen. Besser: Nehmen Sie Ihr Schicksal selbst in die Hand und suchen Sie aktiv!

[url=http://www.time4love.ch] [img]http://c3.ac-images.myspacecdn.com/images02/11/l_f899b7ccb2104119886afa3e78aa8ef2.jpg[/img]

meetic
meetic
er sucht sie
be2

[/url]

Rodrigo Web said...

I was just watching this video from google io where the presenter was talking about GWT (google web toolkit) and he said one great way to speed up your javascript is inlining your code. at least the final code that you deploy should be inlined, anyways.

Anonymous said...

hyjn jyces Porn bhnuud z ud s crl

Anonymous said...

Hi all! I'm originally from London but am living in Berlin at the moment.
Gotta love this forum!


____________________________________
[url=http://www.box.net/shared/qs78tnsvgi]woodworking plans garden[/url]
[url=http://www.box.net/shared/3qylfqnj5v]ex back[/url]
[url=http://www.box.net/shared/c8p3po9qrs]couple tattoos ideas[/url]
[url=http://www.box.net/shared/qm8ynx6klk]golf swing plane drills[/url]
[url=http://www.box.net/shared/hm4osu7o57]cheap satellite dish[/url]
[url=http://www.box.net/shared/nc6gpglz0c]vegan dinner recipes[/url]

Anonymous said...

daughter dating black man http://loveepicentre.com/ dating online chicago dating

Anonymous said...

sony ebook 505 amazon http://audiobooksworld.co.uk/de/Action-Abenteuer/c101/?page=29 ebook ninth edition marketing free [url=http://audiobooksworld.co.uk/es/Higher-National-Computing-Tutor-Resource-Pack-Second-Edition-Core-Units-for-BTEC-Higher-Nationals-in-Computing-and-IT/p226280/]ebook teach yourself crocheting[/url] the misfits pdf ebook james howe

Anonymous said...

bioresource technology ebook to download http://audiobooksworld.co.uk/Sitharama-Iyengar/m117594/ free ejaculation domination exercises ebook [url=http://audiobooksworld.co.uk/Complete-Book-of-One-Stroke-Painting-North-Light-Books/p149757/]dayton ward ebook[/url] ebook trading
[url=http://audiobooksworld.co.uk/Ibragimov-N/m52220/][img]http://audiobooksworld.co.uk/image/6.gif[/img][/url]

Anonymous said...

shopping software microsoft office http://buyoem.co.uk/es/category-200-203/Gr-ficas-y-publicaci-n?page=2 accountant software [url=http://buyoem.co.uk/product-10209/Digital-Film-Tools-Ez-Mask-1-5-for-Adobe-Photoshop-CS2]best freeware projects work management software[/url] teach yourself carreer center software
[url=http://buyoem.co.uk/fr/category-100-115/Offres-sp-ciales]Offres speciales - Software Store[/url] surveying software cogo easy shareware
[url=http://buyoem.co.uk/es/product-13431/Actinic-Ecommerce-7-0-6][img]http://buyoem.co.uk/image/4.gif[/img][/url]

Anonymous said...

gi diet software http://buyoemsoftware.co.uk/product-35375/3herosoft-MP4-to-DVD-Burner-3-5-MacOSX mathcad calculation software [url=http://buyoemsoftware.co.uk/category-100-104/Software-Plugins?page=5]bootstrap software coupon code[/url] win 2000 software c4400
[url=http://buyoemsoftware.co.uk/product-31616/ITubeX-Ultimate-6-0-MAC]ITubeX Ultimate 6.0 MAC - Cheap Legal OEM Software, Software Sale, Download OEM[/url] best pc image software
[url=http://buyoemsoftware.co.uk/es/category-3/Gr-ficas-y-publicaci-n?page=3][img]http://buyoem.co.uk/image/5.gif[/img][/url]

Anonymous said...

[url=http://onlinemedistore.com/products/benicar.htm][img]http://onlinemedistore.com/2.jpg[/img][/url]
compounding pharmacy design http://onlinemedistore.com/products/sustiva.htm pharmacy today [url=http://onlinemedistore.com/products/tadalis.htm]canadian pharmacy without using a prescription[/url]
avalon pharmacy http://onlinemedistore.com/products/strattera.htm friendly pharmacy [url=http://onlinemedistore.com/products/rave--energy-and-mind-stimulator-.htm]rave energy and mind stimulator [/url]
why do pharmacy http://onlinemedistore.com/products/coumadin.htm pharmacy assistant school in orlando fl [url=http://onlinemedistore.com/products/viagra-soft-tabs.htm]pharmacy fragrance australia[/url]
national pharmacy technician association http://onlinemedistore.com/products/voltaren.htm pharmacy rx solutions [url=http://onlinemedistore.com/products/imitrex.htm]imitrex[/url]

Anonymous said...

danmark dating [url=http://freeinternetdating.info/meet/meet-and-fuck-sexy-flight-attendant]meet and fuck sexy flight attendant[/url] 100 free online dating service for
dating while seperated http://freeinternetdating.info/matchmaking/chinese-matchmaking singles lov dating
dating during marriage seperation [url=http://freeinternetdating.info/socialnetwork/brunette-myspace-layouts]find his dating profile online[/url] free lesbian dating site zambia