This tutorial is an overview of how JavaScript can be used to hack websites, bypass simple and advanced HTML form checks, and override cookie/session authentication.
SIMPLE HTML FORMS
1. Bypassing Required Fields
Surely you have met a webpage that requires you to fill in all fields of a form in order to submit it. It is possible to bypass these restrictions on any webpage. If you take a look at the webpage's source and follow it down to the form's code, you will notice the form's onsubmit attribute. Hopefully by this time you have experienced the power of JavaScript and you know that JavaScript has control over every single element in a webpage, including forms. We can use JavaScript to our advantage in every page we view, since we can modify, delete, or add any element in the webpage. In this case we wish to clear the form's onsubmit attribute so that the form is submitted successfully.
The onsubmit attribute generally points to a function that checks that the form has the correct format. A function that does this may look something like this:
function formSubmit(x)
{
    // Refuse the submission if the email field was left blank.
    if (x.email.value == "") return false;
    return true;
}
...
<form name="spamform" method="post" action="process.php" onsubmit="return formSubmit(this);">
...
</form>
I will not go into great detail about how the formSubmit function works. You should know that if the (textfield/optionfield/option/..) field is left blank, the form will not be submitted to process.php. Now comes the moment of truth: how do we modify the form so that onsubmit returns true every time? We can access the form with JavaScript and do this like so:
document.forms[x].onsubmit="return true;";
or
document.spamform.onsubmit="return true;";
Both of these 'queries' will allow you to submit the form free of restrictions. The secret is how to execute them. I do this using my browser's location bar. All you have to do is enter this text into the location bar and press Enter:
javascript:document.spamform.onsubmit="return true;";
The above statement will not work as is, because the 'query' returns a value that JavaScript doesn't know what to do with, so it dumps the returned value on the screen. We need a way to consume this value and keep it from being passed on to the browser. I know the exact way to do this: with alert()!
javascript:alert(document.spamform.onsubmit="return true;");
You will see an alert box with "return true;" instead of the value being dumped to the web browser. Once you have executed this query you will be able to enter whatever value you like into whatever field in spamform.
2. Changing Fields' Values
If you have managed to change a form's onsubmit attribute to let you do whatever the (filtered) you want, what are the limits? Of course, now you know that you can modify the onsubmit attribute of a form from the location bar; the same goes for any attribute of any object in the page. This is how you can do it:
javascript:alert(document.spamform.fieldname.value="Tiger was here!");
or
javascript:alert(document.forms[x].fieldname.value="Dr_aMado was here!");
But of course, you already knew that, didn't you? You can change the values of pretty much anything inside a form, including radios, checkboxes, selects, hidden values, buttons, anything!
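Everything in sections 1 and 2 happens in the visitor's browser, so process.php cannot rely on the onsubmit check or on any field value at all. The following is an added example, not code from the original post: the same required-field rule re-applied on the server side, written in Node.js as a stand-in for process.php, over constructed POST bodies. The field list and the sample bodies are assumptions chosen to match the spamform above.

```javascript
// Added example: server-side re-validation of the fields that the
// browser-side formSubmit() above is supposed to check. Because that
// handler can be replaced from the location bar, the server must repeat
// the check on the raw POST body it actually receives.

// Fields the form requires; constructed to match the example form above.
const REQUIRED_FIELDS = ["email"];

// Parse an application/x-www-form-urlencoded body into a null-prototype
// object, so a posted key such as "__proto__" cannot touch the prototype.
// Repeated keys keep the first value; no field is assumed to be present.
function parseFormBody(body) {
  const fields = Object.create(null);
  for (const [key, value] of new URLSearchParams(body)) {
    if (!(key in fields)) fields[key] = value;
  }
  return fields;
}

// Same rule as the browser-side formSubmit(): every required field must
// be present and non-empty after trimming. Returns a list of error
// strings; an empty list means the submission is acceptable.
function validateSpamForm(fields) {
  const errors = [];
  for (const name of REQUIRED_FIELDS) {
    const value = fields[name];
    if (typeof value !== "string" || value.trim() === "") {
      errors.push(`${name} is required`);
    }
  }
  return errors;
}

// Decide on a raw body the way the request handler for process.php would.
function acceptSubmission(body) {
  return validateSpamForm(parseFormBody(body)).length === 0;
}

// Constructed bodies: one the browser-side check would have passed, and
// three that only a bypassed onsubmit would have let through.
console.log(acceptSubmission("email=alice%40example.com&msg=hi")); // true
console.log(acceptSubmission("email=&msg=hi"));                    // false
console.log(acceptSubmission("email=%20%20&msg=hi"));              // false
console.log(acceptSubmission("msg=hi"));                           // false
```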