Step 1 Alert & Injection Chains
Let's chain commands. The semicolon is the indicator of command chains. Try this one out:
Step 2 Cookie Alerts & Cookie Modification
If you see a popup with lots of jumbles of letters and things like "PHPSESSID=", that means the website is storing cookies on your computer.
Let's edit something in this cookie.
Now if I were logged in and had another member's cookie, I could swap our sessions using these techniques, effectively becoming that member.
Step 3 Edit Web Forms
Sometimes you may want to edit a web form. A web form is when you have to "submit" something to a server, usually in logins or forgotten password forms. Let's say we have a forgot password form for some website, and this is the HTML code they used:
<form action="http://www.website.com/forgotpassword.php" method="post"> <input type="hidden" name="to" value="firstname.lastname@example.org">
This is basically saying "Void the documents first form, skip (to) and go to the value (value) and make it equal to my email".