Hack Facebook With Basic Javascript Inject
JavaScript is a widely used technology within websites and web based applications. JavaScript can be used for all sorts of useful things and functions. But along with this comes some additional security issues that need to be thought of and tested for. JavaScript can be used not only for good purposes, but also for malicious purposes.
Using JavaScript an individual can modify and change existing information within a form. It can be used not only to change form input tags, but also the cookie's that are currently set in the browser, and any other value within a website or web application. Any type of parameter manipulation that you want to perform can typically be done with Javascript injection.
To execute any javascript within a current session, a user would enter the specific javascript commands within the browser's url bar minus the http://. All javascript commands must start with the javascript: tag followed by any javascript command that will be executed. All javascript is ended with a ; so a user could enter multiple javascript commands, as long as each command ended with the ;
JavaScript cookie modification
Using JavaScript a user can modify the current cookie settings. This can be performed with some basic JavaScript commands. To view the current contents of your current cookie/s, use the following JavaScript command. Put this in your browser's URL bar.
javascript:alert(document.cookie);
This command will popup a box which lists your current cookies. A malicious user could use javascript to change values in the cookie. For example lets say a web application you are testing sets an authorization cookie to true when a user has successfully logged in and passed the authorization test. To change the values within the cookie, a malicious user would execute javascript like the following from the url bar within the browser.
javascript:void(document.cookie="authorization=true");
This would cause the current cookie parameter authorization=false to be changed to authorization=true. Which the malicious user might not have passed the original authorization test. The malicious user has just bypassed the authorization test and gained access to the sensitive content. As you could imagine, this could cause severe problems in privilege escalation, if the malicious user could use JavaScript injection to bypass the correct authorization process.
If you are testing for JavaScript injection and wish to see if the cookie has been altered you would execute a command similar to the following, except you would want to replace the cookie name and value with the cookie you desire to test. Start with the javascript command to alter the cookie and then tack on the javascript alert function to view what the cookie was changed to. For example
javascript:void(document.cookie="authorization=true");
javascript:alert(document.cookie);
You should now be able to see the new cookie parameter in the popup box.