0

This is a security question. My boss has asked me to find (and show a prototype) of possible hacks over the site and I am over one.

There is an input box on the page and using URI javascript (also know as void or null script) , I have to include a javascript file and jquery file (for the ease of presentation). The following code did not work.

javascript:{{ 
var e=document.createElement("script"); 
alert("Hello World");
e.src = "http://code.jquery.com/jquery-1.6.2.js";e.type="text/javascript"; 
document.getElementsByTagName("head")[0].appendChild(e);
};}

(After uri encoding) I did get "Hello World" alert box but I was not able to find the script while using 'inspect element' in chrome. or otherwise no script ran.

Improve this question

1 Answer 1

Reset to default
1

If I understand right - you want to include to add new JavaScript to the page. This is my solution

And about the inspect element - right click on the element and it is the last one of the menu.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

No, there is no bug - look at the result here
well thats wierd cause when I tried it through URI, only twitter was added (maybe it was because I included a local file in the middle).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.