Wednesday, November 10, 2010

Javascript injections and Javascript debugging techniques.

Javascript injection is a technique of executing javascript in already loaded page in a browser. JS injections are commonly used for executing XSS(cross side scripting), SQL injection, for bypassing client side validations and also for debugging javascript in webpages.
There are many approach by which we can execute a javascript injection, few of them are shown here

1. Query inside address bar (works in almost all brower): Like we write javascript statement in anchor href attribute which gets executed on click of anchor. In the same way we can put javascript in address bar and execute them.

E.g. Copy and paste below given line in address bar and press enter
javascript: alert("This is a simple js injection.");
we can also add a js function using js injection like
javascript: void(window.myfunc = function(){alert("This alert is shown via myfunc function.");}); func();

2. Using browser js debugger: Almost all modern browser have there debugger for the web developers. Like IE Developer Tools (which comes with IE8 and onwards), firebug in Mozilla, Dragonfly in Opera. These all tools have a javascipt console where we can write javascript and execute them. Using these tools we can even write multiline javascript.

No comments: