
Thread: Java Injection Examples

  1. #1
    Join Date
    Jan 2008
    Posts
    10

    Java Injection Examples

    - made by Breach

    Basics

    All you need for injecting this very useful stuff is a URL.
    When you use them, delete the whole URL bar, even http:// - leave your bar totally empty, and then... onto the injecting.

    The first thing you have to type is ''javascript:'' (without the '' '')
    That means we are using, guess what, JavaScript???
    There are 2 main commands that you will use (sometimes even one) - they are: alert(); and void();

    Now that we know something about this, we are going to make a simple task.
    Go to any site and try to make a window appear saying: I got it

    Try to do it on your own, and if you can't write it, look here:
    javascript:alert('I got it');


    Cookies (yummy)

    If you are not familiar with the term ''cookie'' please google it because I don't want to explain it now.
    So, after you have found out what cookies are, we will learn how to view them.
    We will check them with a simple script like this:
    javascript:alert(document.cookie);
    Now, you will see a pop-up window displaying information on your cookies.

    For editing, we have to use that void(); command
    javascript:void(document.cookie="Field=Value");
    This script can change the existing info or create a new value.
    Replace ''Field'' with an existing field or create a new value. Then replace ''Value'' with whatever you want.
    This is a very popular script:
    javascript:void(document.cookie="Authorized=yes");alert(document.cookie);
    This alert(document.cookie); at the end will show you the effect of this script.


    Forms

    To edit the values, you can sometimes edit the downloaded html and submit whatever you want.
    Then, the form comes up.
    Every form is stored like this: forms[x]
    X is the number which starts with 0 and goes on by order (*,2,*,...)
    The most common situation will be that x is 0 so,.... forms[0]

    I saw a challenge on HTS requiring you to combine e-mail and JavaScript.
    You can't download the script but you can check to see what value a certain form element has by using this script:
    javascript:alert(document.forms[0].to.value)

    So, here's the example:
    javascript:void(document.forms[0].to.value="your email");alert(document.forms[0].to.value);
    Again, just like with alert(document.cookie);, the alert at the end will show you the effect.

    Another example goes like this (also from HTS):
    javascript:void(document.forms[0].dir.value="logFiles");alert(document.forms[0].dir.value)
    Try to figure it out
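
The cookie and form edits in the post above only succeed against a server that trusts what the browser sends back. As an added example (not part of the original post or thread), this Node.js code puts a check that accepts `Authorized=yes` beside one that requires a server-signed cookie, and validates a `dir` form field against a server-side allowlist; `SECRET`, `issueSession`, the `session` cookie name and the `public` directory are assumptions made for illustration.

```javascript
// Added example: every name and value here is constructed for illustration.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32); // server-side key, never sent to the browser

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak: trusts a flag that document.cookie="Authorized=yes" can set.
function isAuthorizedWeak(cookieHeader) {
  return parseCookies(cookieHeader).Authorized === 'yes';
}

// Hardened: the cookie is "<user>.<HMAC-SHA256(user)>", issued after login.
function issueSession(user) {
  const mac = crypto.createHmac('sha256', SECRET).update(user).digest('hex');
  return `${user}.${mac}`;
}

function isAuthorizedStrong(cookieHeader) {
  const raw = parseCookies(cookieHeader).session || '';
  const dot = raw.lastIndexOf('.');
  if (dot < 1) return false;
  const given = Buffer.from(raw.slice(dot + 1), 'hex');
  const want = crypto.createHmac('sha256', SECRET).update(raw.slice(0, dot)).digest();
  // Compare in constant time; a length mismatch means a malformed or forged tag.
  return given.length === want.length && crypto.timingSafeEqual(given, want);
}

// Form fields such as forms[0].dir arrive as plain request data, so the
// server checks them against its own allowlist instead of the page's HTML.
const ALLOWED_DIRS = new Set(['public']);
function validateDir(value) {
  return ALLOWED_DIRS.has(value);
}
```

The same reasoning applies to the `to` field: a recipient the server must control should be looked up server-side rather than read back from the submitted form.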

  2. #2
    Join Date
    Sep 2006
    Posts
    1,649
    Well, that's an alright tutorial, but here is a much better tutorial in my opinion. I hope you don't mind me posting it here:

    http://www.xssed.com/article/6/Paper_Kr*ws_Cross-Site_Scripting_Tutorial/
    "Workers of the world unite; you have nothing to lose but your chains." -Karl Marx
