11 Jan 2023
While HTML provides structure and content, JavaScript controls functionality. JS allows dynamic pages, like changing the styl of a button when a particular event happends on the page. JS is added within the page source code and can be loaded within <`script`> tags or referenced with the src attribute, <`script src="/location/of/javascript_file.js"><``/script>.
Sample code:
<!DOCTYPE html>
<html>
<head>
<title>TryHackMe Editor</title>
</head>
<body>
<div id="demo">Hi there!</div>
<script type="text/javascript">
//Enter JavaScript here
</script>
</body>
</html>
Change verbage:
<!DOCTYPE html>
<html>
<head>
<title>TryHackMe Editor</title>
</head>
<body>
<div id="demo">Hi there!</div>
<script type="text/javascript">
document.getElementById("demo").innerHTML = "Hack the Planet";
</script>
</body>
</html>
Change verbage on button click:
<!DOCTYPE html>
<html>
<head>
<title>TryHackMe Editor</title>
</head>
<body>
<div id="demo">Hi there!</div>
<script type="text/javascript">
</script>
<button onclick='document.getElementById("demo").innerHTML = "Hi there!";'>Hi there!</button>
<button onclick='document.getElementById("demo").innerHTML = "Hack the Planet";'>Hack Me!</button>
</body>
</html>
Happens when a website doesnโt properly protect or remove sensitive clear-text info to the end-user; usually in frontend source code. Developer may have forgotten to remove login credentials, hidden links to private parts of the site, or other sensitive data in HTML or JS. Information can potentially be leveraged for attack purposes.
One of the first things to do when assessing a web app for security issues is to view the source code looking for exposed login creds or hidden links.
Find the hidden password forgotten in the source code.
Vulnerability when unfiltered user input is displayed on page. Website should sanitize user input of any malicious text. If the site uses that information elsewhere on the page it can cause undesirable things.
Inject HTML to show a malicious link.
Link inserted, room finished. On to HTTP.