JavaScript injection means inserting and running your own JavaScript code in a web page, either by entering the code into the browser's address bar or by finding an XSS vulnerability in a website. The changes can only be seen by you and are not permanent, because JavaScript is a "client-side" language: it runs in your browser, not on the server.
Steps

Sample Injections

You must enter the code in the URL address bar of the browser window. Try these injections:
- Note: if you use Firefox, you will have to run the code another way, such as the Web Console (Cmd+Shift+K on a Mac).
- To bring up an alert box saying "Hello!":
javascript:alert("Hello!");
- To bring up two alert boxes: the first says "Hello", and once you click OK, the one saying "World" appears:
javascript:alert("Hello"); alert("World");
- To change the value of the field named "to" in the first form on the page (forms[0]) to "something":
javascript:alert(document.forms[0].to.value="something")
- To change the background color to blue. You can put any other color in place of blue to change it to a different color:
javascript:void(document.bgColor="blue")
- To see the real server name of the site you are looking at. Use it if you think you are viewing a spoofed website, or at any time just to make sure:
javascript:alert("The actual url is: \t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");
- To make the pictures fly around. Try it on a site with many images, such as Google Images, so there is more to move. (If you press the refresh button, it goes really fast, but this might only work on macOS):
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[i].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval(A,5); void(0);
- To spin the pictures in a circle; it funnels them along in a snake-like motion:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[i].style; DIS.position='absolute'; DIS.left=Math.cos(R*x1+i*x1+x2)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval(A,5); void(0);
- To make the page editable so you can move things around on it:
javascript:document.body.contentEditable='true';document.designMode='on';void 0
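The "real server name" check above leaves the comparison of the two lines to the reader's eye. As an added example that is not part of the original article, the same check is written here as functions that take any URL string and do the comparison in code, so it can be run in Node.js or the browser console. The sample URLs are constructed (example.com and a documentation IP address), not real sites.

```javascript
// Added example, not from the original article. Reimplements the address-bar
// "actual url" check for an arbitrary URL string using the standard URL API.

// What the snippet prints as "the actual url": the scheme and the host the
// browser will really connect to.
function realServer(href) {
  const u = new URL(href);
  return `${u.protocol}//${u.hostname}/`;
}

// What a reader skimming the address bar might take to be the site: the text
// between "//" and the next "/", "?" or "#".
function apparentHost(href) {
  return href.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "").split(/[/?#]/)[0];
}

// The comparison the snippet asks the reader to do by eye, done by the program.
// "matches" is false when the displayed text differs from the real host, e.g.
// because the URL carries user-info ("trusted-name@real-host").
function spoofReport(href) {
  const u = new URL(href);
  return {
    actual: realServer(href),
    apparent: apparentHost(href),
    hasUserInfo: u.username !== "" || u.password !== "",
    matches: apparentHost(href) === u.host,
  };
}

// Constructed samples: a plain URL, one with a port, one abusing user-info.
const SAMPLES = [
  "https://www.example.com/account",
  "https://www.example.com:8443/account",
  "https://www.example.com@203.0.113.9/account",
];

for (const s of SAMPLES) {
  console.log(s, spoofReport(s));
}
```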
Community Q&A
- Question: Is this the equivalent of the JavaScript console?
Community Answer: Yes; this is much less limited, though. The JavaScript console in the dev tools has features such as auto-completion and can show your history of executed commands. Additionally, you can check things such as breakpoints for analyzing and debugging your code.
- Question: In Step 3, how do I select a form? The example specifies forms[0], but how do I actually specify a certain form if the code has several forms within it?
Community Answer: You can select forms from the website using document.forms. The forms[0] indicates that it is the 1st form on the page, because the collection starts at 0. You can make a form with the HTML form tag, and you can learn more at sites like w3schools.
Tips
- Only you can see the changes.
- The changes are not permanent. It's a static change that won't affect any server information.
- If you're using a browser with an address bar that doubles as a search bar (e.g., Google Chrome), make sure that after you type in the JavaScript code, you select your address bar for processing the code, not the search function.
About This Article
Thanks to all authors for creating a page that has been read 521,595 times.