Basic Hacking: Javascript Injection Prank

Only available on StudyMode
  • Topic: User, Login, Access code
  • Pages : 3 (688 words )
  • Download(s) : 13515
  • Published : November 19, 2007
Open Document
Text Preview
Password Prank Javascript Injection

first things first, test it out.
in the url bar type the following


"oh my god it said hello to me"
now try something like this


"oh my word a new page that says hello to me"
don't worry, this is going somewhere
now for some variables

javascript:void(a="hello); javascript:alert(a)

if your starting to understanding the concept you'll realize that somethings different. we set a variable to a and made it alert the value of a.

now heres where it gets more advanced.
go to a page with a login form like and type this into the url bar


the document function as you might have guessed documents something. as for the forms[0], your asking for the form (a type of html tag for those who dont know) and the number 0 (the first one on the page). and the action is where the form submits too.

now what were to happen if we were to change this value through a void, try it

javascript:void(document.forms[0].action=""); javascript:alert(document.forms[0].action)

oh wow it changed, but what does that mean? try clicking the log in button. there ya go. so, it just sends me to google big deal. keep reading, the pay off is comming.

so now try this, put something in the username box and something else in the password box (these will be comming up in a popup so dont put your real information if anyones around)


like before forms[0] gives you the first form. but now elements[0].value gives you what the first element contains. so now to accomplish our goal change the elements[0].value to elements[1].value. and then elements[2].value and so on and so forth until you find what you put in the username and what you put in the password.

now before we continue one last thing you need to learn.(warning this will freeze your...
tracking img