Javascript Injections
 
These three things i will try to explain to you: Injection Basics, Cookie and Form Editing.
In these articles i will teach you only the super basics of javascript and for all those who want to learn more, google advanced
 
javascript injections
 
 
Basics
 
All you need for injecting this very useful stuff, is URL.
When you use them, delete the whole url bar, even http:// - leave your bar totally empty, and then...onto the injecting.
 
First thing your have to type is '' javascript: '' (without '' '')
That means we are using, guess what, javascript???
There are 2 main commands that you will use (sometimes even one) - they are: alert(); and void();
 
Now that we know something about this, we are going to make a simple task.
Go to any site and try to make a window appear saying: I got it
 
Try to do it on your own, and if you cant write it, look here:
javascript:alert('I got it');
 
 
Cookies (yummy)
 
If you are not familiar with the term ''cookie'' please google it because i dont want to explain it now.
So, after you found out what cookies are, we will learn how to view them.
We will check them with a simple script like this:
javascript:alert(document.cookie);
Now, you will see a pop-up window displaying information on your cookies.
 
For editing, we have to use that void(); command
javascript:void(document.cookie="Field=Value");
This script can change the existing info or create a new value.
Replace ''Field'' with an existing field or create a new values. Then replace ''Value'' with whatever you want.
This is a very popular script:
javascript:void(document.cookie="Authorized=yes");alert(document.cookie);
This alert(document.cookie); at the end will show you the effect of this script.
 
 
Forms
 
To edit the values, you can sometimes edit the downloaded html and submit whatever you want.
Then, the form comes up.
Every form is stored like this: forms

X is the number which starts with 0 and goes on by order (1,2,3,...)
The most common situation will be that x is 0 so,.... forms[0]
 
I saw a challenge on HTS requiring to combine e-mail and javascript.
You cant download the script but you can check to see what value a certain form element has by using this script:
javascript:alert(document.forms[0].to.value)
 
So, heres the example:
javascript:void(document.forms[0].to.value=''your email");alert(document.forms[0].to.value);
Again, just like the alert(document.cookie); at the end will show you the effect.
 
Another example goes like this:
javascript:void(document.forms[0].dir.value="logFiles");alert(document.forms[0].dir.value)
Try to figure it out
 
~This article was originally written by Sauron.