Saturday, June 25, 2005

HACKING WITH JAVASCRIPT

: "HACKING WITH JAVASCRIPT Dr_aMado Sun, 11 Apr 2004 16:40:13 UTC This tutorial is an overview of how javascript can be used to bypass simple/advanced html forms and how it can be used to override cookie/session authentication. SIMPLE HTML FORMS 1. Bypassing Required Fields Surely you have met a webpage that requires you to fill all fields in a form in order to submit it. It is possible to bypass these types of restrictions on any webpage. If you take a look at the webpage's source and follow it down to the form's code, you will notice the onsubmit form attribute. Hopefully by this time you have experienced the power of javascript and you know that javascript has control over every single element in a webpage, including forms.We can use javascript to our advantage in every page we view for we can modify, delete, or add any element to the webpage. In this case we wish to clear the form's onsubmit attribute in order for the form to be submitted successfully. The onsubmit attribute generally points to a function that checks the form to have the correct format. A function that does this may look something like this: function formSubmit(x) { if(x.email.value=='') return false; return true; } ...
...
I will not go into great detail about how the formSubmit function works. You should know that if the (textfield/optionfield/option/..) field is left blank, the form will not be submitted to process.php. Now comes the moment of truth, how do we modify the form so that onsubmit returns true everytime? The way we can access the form with javascript and do this is: document.forms[x].onsubmit='return true;'; or document.spamform.onsubmit='return true;'; Both of these 'queries' will allow you to submit the form free of restrictions. The secret is how to execute this. I do this using my browser's Location bar. All you have to do is enter this text into the location bar and pr"
Post a Comment