JavaScript URL Bar Injection

This is more of a reminder for myself since I did something like this before but forgot how to do it again.

OK, a single line injection is easy.

For example: entering javascript:alert("Hello, World!"); into the URL bar will result you a dialog box with Hello, World! in it.  This does not really do anything useful, but you can replace the "Hello, World!" literal with say... document.getElementById("container").innerHTML so you could reflect on the content of the #container element.  That's a little bit more useful for debugging.

Doing javascript:void(document.getElementById("container").innerHTML = "Hello, World!"); is more useful when you want to mess around with an element content.  With this method, you can inject HTML elements into existing DOM.

Now, what if you have a pretty complex code fragment that you want to inject into the URL bar?  For example, when I inject my JavaScript, I want to execute 2, 3, or more JavaScript statement.  How could I do something like that?

It turned out that it wasn't that difficult.

Here is an example of how to do just that...

javascript:void(function(){alert("Boo");alert("Foo");}());

Hopefully I won't forget this again. Hehehe.

Happy JavaScripting...

Share this post: | | | |
Published Thursday, February 28, 2008 3:07 PM by Jimmy Chandra
Filed under:

Comments

# re: JavaScript URL Bar Injection

This technique is only affected on Windows 2000 (before SP4) or older version. You can also doing JavaScript injection using Nikhil's Web Development Helper (running as IE plug-ins).

Saturday, March 01, 2008 8:52 PM by cahnom

Leave a Comment

(required) 
(required) 
(optional)
(required) 

Enter the numbers above: