Thursday, 2017-12-14, 4:19 PM Welcome Guest

THE HALL OF GREAT GURUS

Site menu
Section categories
Software Blog [17]
This blog is for software gurus to display their talent.
Hardware Blog [13]
This blog is for all hard ware Gurus and those who want to be gurus in hardware
Programming Blog [10]
This blog is for all programming Gurus and those who want to be gurus in programming.
Internet Blog [88]
This blog is for all internet Gurus and those who want to be gurus in internet
Computer Zone [97]
This blog is for all computer Gurus and those who want to be gurus in computer
Tutorials Blog [34]
This blog is for all tutorials Gurus and those who want to be gurus in tutorials
Education Blog [18]
This blog is for all book Gurus and those who want to be gurus in future
Gurus Admins Blog [1]
This blog is for only Admins
Gurus Guide Blog [9]
This blog is where all members can help others or for others to post their requests for assistance.
Society, Entertainment And Discussions. [3]
This category is all about Society, Entertainment And Discussions by Gurus.
Gurus Politics And Culture [1]
This blog is all about politics and culture.
Gurus Sports Blog [0]
This blog is where Gurus discuss about all aspects of sports.
Gurus Health And Fitness Blog [1]
This is where all Gurus discuss about health and guidelines to improve upon ones health.
Tag Board
200
Gurus Poll
Shoul This Gurus Site Promote Hacking?
Total of answers: 22
Gurus Online

Total Gurus online: 1
Guests: 1
Users: 0

Login form
GurusShopping Cart
Your shopping cart is empty
Gurus Tag
hacking Gurus Facebook vpn internet INDIAN WEB PROXY Latest PC Tunneling Software s60v3 python Handler Apps FLASH UR PHONE UPGRADE MTN MODEM Registry Exe files MODEM SIGNAL Pc Tricks Animted Logo Security Enhancements firefox COMPUTER VIRUSES IWP SERVER s60v3 Phones HAcking Windows Yahoo Messenger Unblock Websites Circuit Diagram Biology of Vertebrates Gurus Biology Satelite Dish Gurus Chemistry Connectivity Gurus Phones Gurus Java Gurus Technology Gurus Software Gurus Tutorials Gurus Browsers Computer Tutorials Gurus Windowa Gurus Internet Gurus Browsres Gurus Windows Gurus Hack Facebook Status Hardware & Drivers
Gurus Shoutroom
Main » 2011 » March » 8 » How to Hack website with Javascript.
8:15 AM
How to Hack website with Javascript.

Hacking website with Javascript.

This tutorial is an overview of how javascript can be used to hack website and bypass simple/advanced html forms and how it can be used to override cookie/session authentication.

SIMPLE HTML FORMS

1. Bypassing Required Fields

Surely you have met a webpage that requires you to fill all fields in a form in order to submit it. It is possible to bypass these types of restrictions on any webpage. If you take a look at the webpage's source and follow it down to the form's code, you will notice the onsubmit form attribute. Hopefully by this time you have experienced the power of javascript and you know that javascript has control over every single element in a webpage, including forms.We can use javascript to our advantage in every page we view for we can modify, delete, or add any element to the webpage. In this case we wish to clear the form's onsubmit attribute in order for the form to be submitted successfully.

The onsubmit attribute generally points to a function that checks the form to have the correct format. A function that does this may look something like this:

function formSubmit(x)
{
if(x.email.value=="") return false;
return true;
}

...

form name="spamform" method="post" action="process.php" onsubmit="return formSubmit(this);"
...
/form

I will not go into great detail about how the formSubmit function works. You should know that if the (textfield/optionfield/option/..) field is left blank, the form will not be submitted to process.php. Now comes the moment of truth, how do we modify the form so that onsubmit returns true everytime? The way we can access the form with javascript and do this is:

document.forms[x].onsubmit="return true;";

or

document.spamform.onsubmit="return true;";

Both of these 'queries' will allow you to submit the form free of restrictions. The secret is how to execute this. I do this using my browser's Location bar. All you have to do is enter this text into the location bar and press enter:

javascript:document.spamform.onsubmit="return true;";

The above statement will not work because the 'query' will return a value javascript doesn't know what to do with it so it dumps the returned value on the screen. We need a way to use this value and escape it from passing on to javascript. I know the exact way to do this, with alert()!

javascript:alert(document.spamform.onsubmit="return true;");

You will see an alertbox with "return true;" instead of dumping this value out to the webbrowser. Once you have executed this query you will be able to enter whatever value into whatever field in spamform.

2. Changing Fields' Values

If you have managed to change a form's onsubmit attribute to let you do whatever the (filtered) you want, what are the limits? Of course now you know that you can modify the onsubmit attribute of a form from the location bar, same goes for any attributes of any object in the page. This is how you can do it:

javascript:alert(document.spamform.fieldname.value="Dr_aMado was here!");

or

javascript:alert(document.forms[x].fieldname.value="Dr_aMado was here!");

But of course, you already knew that. Didn't you? You can change the values of pretty much anything inside a form, including radios, checkboxes, selects, hidden values, buttons, anything!

Category: Internet Blog | Views: 400 | Added by: seniorkoa | Gurus Tags: Gurus Hack | Gurus Rating: 0.0/0
Total comments by Gurus: 0
Only registered GURUS can add comments.
[ Gurus Registration | Login ]
Your IP
Gurus Search
Gurus Calendar
«  March 2011  »
SuMoTuWeThFrSa
  12345
6789101112
13141516171819
20212223242526
2728293031
Entries archive
Gurus Beloved Coun
  • Gurus Beloved Country
  • Gurus Content
    Gurus Informers
    "Guests" are not permitted to view this module.
    Gurus Facebook Ads
    Bessle Pandorine

    Create Your Badge
    Seniorkoa And Gurus Copyright MyCorp © 2017