Hack with javascript

xiaoxiao2021-03-05  21

Very good, I have guiding me

-------------------------------------------------- ---------

Author: Invincible most lonely [E.S.T]

Source: Evil Eight Bao China

Original source: unknown

Disclaimer: This article is a foreign friend who has given friends to my email. The original author is written by Dr_amado. I even spend an hour of time, so please indicate it.

Hacking with javascript

This tutorial mainly describes how to use JavaScript to bypass some simple or more advanced HTML form restrictions and cookie / session verification.

Simple form limit

1. Betvap item

You will often touch some pages. You will need to fill all the entries to be submitted, but we can use these restrictions. If you look at the source code of the page, find the part of the code submitted by the form, you will find There is an onSubmit property in the Form tab. When you see this property, we are very hope to try to bypass these restrictions. Everyone knows, JavaScript can control all elements in the page, including form elements. So we You can use JavaScript modification, delete, and add any elements to each page we browsed.

Therefore, we can use the JavaScript to clear the OUSUBMIT property in the form, so we can submit a form without restricted success.

The onSubmit property typically points to a function, this function is used to check the correct format of the submitting Form form data. (Translator Note: I am here as an example of a free mailbox application in China):

Function fcheck () {

IF (! form.readed.checked)

{

Alert ("You need to register after accepting the Terms of Service!");

Form.Readed.focus ();

Return False;

}

...

...

About the detailed introduction of the FCheck () function is not within the discussion of this article, how to write and please check the relevant information yourself. You can see it through the above code. If you have some forms, you will have no more. If you do not submit it, the form is unable to submit. Now we have to modify the onsubmit property, using JavaScript to return it directly to true, you can use the following two methods:

Document.forms [x] .οnsubmit = "Return True;"

oral

Document.form.οnsubmit = "Return True;";

Using these two statements can make the form unrestricted successfully. But how do we do what JavaScript statement above? In fact, we can enter this statement directly into the address bar, and then enter will execute. The statement is as follows :

JavaScript: Document.form.οnsubmit = "Return True;";

However, it is not successful because the value returned by the above statement will be written directly to the page, so we can't continue to fill in the form. So we must avoid the value to be written to the page, the method is to use Alert ()function:

JavaScript: Alert (Document.form.οnsubmit = "Return True;");

Running the above statement will pop up a dialog content is "return true;" without writing to the page. Now you can fill in your form without restrictions. (Translator Note: The following test It is an example of free mailbox application in a country:

No longer cancel the limit, if you don't enter, you will pop up the dialog box as shown below:

At this time, we look at its source code in accordance with the above-mentioned Russian method, find that the code submitted to the FORM form is as follows:

knowing its name is form, let's enter the following statement in the address bar:

JavaScript: Alert (Document.form.οnsubmit = "Return True;");

Then enter the car, as shown below:

At this time, we will re-register the following, the password column still does not enter, and then submit the form results as shown below:

Hehe .. Is it went around ... Continue to see your big guys.

2. Change the contents of the table

When you have successfully tried to change the list of onSubmit properties you want to do, we can think about what restrictions we have received? Of course, you can now modify the list of onSubmit properties, then the same, we can use This method modifies any object in the page. Just like this:

JavaScript: alert (Document.spamform.fieldName.Value = "DR_AMADO WAS Here!");

oral

JavaScript: alert (Document.Forms [x] .fieldname.value = "dr_amado was here!");

Oh, very simple three? You can modify anything you think can be modified ..just do it!

SQL injection

1. Using formal advantages

SQL injection is very familiar, I mainly explain whether the vulnerability form will be properly processed.

Get database information

A method of acquiring system information is to raise an error in the SQL query to get specific information from the website database (translator Note: What kind of "What kind of society is" What Society "can be searched Forms, dynamic links, and session cookies. Most introductions SQL injected articles are how to use dynamic links and text boxes to perform SQL query statements. But I think these vulnerabilities are more common in other types (SELECT BOXES, HIDDEN FIELDS, Checkboxes and Radio Buttons, and cookies!).

Mixed data type If there is no good coding, it is easy to cause a page of a page. For example, the link such as "MemberInfo.php? O_id = 1", after adding a double quotation or single quotation mark, fortunate, you will get one Contains the debugging information of some SQL query statements. When you get the information you need, you can make sure how to do it next.

Change the value of the entry

The first form that should be considered is the user data page. Most user data pages are not well filtered, such as select Boxes form. One way to use this vulnerability is to insert a SQL query in this form of list. Statement. Enter the following in the address bar of IE:

JavaScript: Alert (Document.profileform.user_sex.value = "gay / ', user_pasword = /' Hacked / 'where user_id = 1 #");

We assume that the server's query sentence is like this:

"Update user_data set user_password ', user_email =' $ user_email ', user_sex =' $ user_sex 'where user_id = $ user_id";

So inserted into the query statement after our SQL statement as follows:

"Update user_data set user_password = 'mypassword', user_email = 'myemail', user_sex = 'gay', user_password = 'Hacked' Whereuser_id = 1 # 'where user_id = 7382";

"#" This is an annotor of SQL.

2. Bypassion cookies

Basic session cookie verification

Many cases of session processing is cookies. If the page does not have correct session cookies, an attacker can use this defect to change your user's identity as other users.

Cookies Save in "Window.Document.cookie". Using JavaScript we can erase, edit, create any Site cookies. This is much more complicated than a general attack. I only introduce it. "

View cookies:

JavaScript: Alert (unescape (document.cookie);

Modify cookies data:

JavaScript: Alert (window.c = functiona (n, v, nv) {c = document.cookie; c = c.Substring (c.indexof (n) N.LENGTH, C.LENGTH); c = C.Substring (1,(

(c.indexof (";")> - 1)? c.indexof (";"): c.Length)); nc = unescape (c) .replace (v, nv); Document.cookie = n "= " escape (nc); return

Unescape (document.cookie);}; Alert ("Cookie Name:,", "), Prompt (" Replace this value: "," ", prompt (" whp :: ",") ));

Suppose you log in as "John Doe" at www.ima13370h4x0r.net, and the cookie you get is as follows:

SessionData = A: 3: {S: 11: "sessionuser"; s: 5: "75959"; s: 9: "sessionid"; I: 70202768; s: 9: "Lastvisit"; i: 1078367189;

We only care about "75959" because it is the value of user_id. Many times, you will find some stations to save some key data (such as user_id) in cookie, is a very serious vulnerability, because any user can Modify their USER_ID value for other users, such as the user_id value of the admin user.

.

Once you declare the Window.c function, modify the value of the cookie is much easier. First, modify S: 5: "75959" to S: x: "adminID", where x is the length of the new value. For example, You want to change the 75959 to 1, then you must change S: 5: "75959" to S: 1: "1". Some sites will use SQL query statements with WHERE clauses to keep user login status at this time You need to put the value of 75959 to "13 or 1 = 1".

note:

Embedded JavaScript declaration can be added to your browser, which can be gently. Statement your own function with the following form:

Alert (window.newfunction = function () {...}) "

转载请注明原文地址:https://www.9cbs.com/read-39041.html

New Post(0)