Scribd Logo
Upload

Welcome to Scribd!

  • HTML Details

    Uploaded by

    khalid shaikh
    13 views1 page
    An attacker has exploited HTML injection on a website to modify the page and display a message that the site has been hacked. The document includes JavaScript that manipulates the DOM to change text within DIV tags based on the hash in the URL, allowing different messages to be shown. Links are provided to trigger displaying the messages within the designated DIV IDs.

    Original Description:

    Original Title

    HTMl details

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    An attacker has exploited HTML injection on a website to modify the page and display a message that the site has been hacked. The document includes JavaScript that manipulates the DOM to change text within DIV tags based on the hash in the URL, allowing different messages to be shown. Links are provided to trigger displaying the messages within the designated DIV IDs.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    13 views1 page

    HTML Details

    Uploaded by

    khalid shaikh
    An attacker has exploited HTML injection on a website to modify the page and display a message that the site has been hacked. The document includes JavaScript that manipulates the DOM to change text within DIV tags based on the hash in the URL, allowing different messages to be shown. Links are provided to trigger displaying the messages within the designated DIV IDs.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 1

    Exploitation of HTML Injection

    Modify the web page


    -----------------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    <h1>you have been hacked by OffesiveHunter</h1>
    <A HREF="http://bing.com/">OffensiveHunter</A>
    -----------------------------------------------------------------------------------
    ---------------------------------------------------------------------------DOM LOad

    -----------------------------------------------------------------------------------
    ---------------------------------------------------------------------------<script
    src="../js/jquery-1.7.1.js"></script>
    <script>
    function setMessage(){
    var t=location.hash.slice(1);
    $("div[id="+t+"]").text("The DOM is now loaded and can be manipulated.");
    }
    $(document).ready(setMessage );
    $(window).bind("hashchange",setMessage)
    </script>
    <body><script src="../js/embed.js"></script>
    <span><a href="#message" > Show Here</a><div id="message">Showing
    Message1</div></span>
    <span><a href="#message1" > Show Here</a><div id="message1">Showing Message2</div>
    <span><a href="#message2" > Show Here</a><div id="message2">Showing Message3</div>
    </body>
    -----------------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    You might also like