The term Javascript Injection appears in a number of security articles. Most of these articles just mention that this type of attack can steal a user’s identity and exploit it, leaving out the details. We will focus on specific technical details including code samples.
The principle of the attack consists in inserting your own javascript code into the HTML page that is display to another user. For example, instead of the text of the post in the discussion forum, we can insert a tag which will then be insert into the page for all readers of this post.
If we manage to inject the script into
the pages display to other users, we still have two problems. First, we ne to obtain data representing the user’s identity. This step is often simple, as most web applications use some form of session management for identification, and all we ne to obtain is the session ID. The identifier is most often stor in cookies, which are available for JavaScript in document.cookie.
The second — and significantly more complicat — problem is getting that data into our hands. Let us recall here that our script runs directly in the browser of the attack user and does not have much possibility to transfer the stolen data anywhere else. Basically, the only reasonable way is to use the browser’s network functions and send the data (e.g. via HTTP) to our server.ion.n there.
The first thing that comes to mind for most web programmers is the use of the AJAX technique, more precisely the internal HTTP client that is available in JavaScript. Unfortunately, wheat will not bloom for us here, because most browsers quite switzerland phone number data actively prevent the so-call cross-site scripting . An AJAX request cannot be direct to a domain other than the one from which the display page originates. More precisely, it is necessary that the domain name, communication protocol and port number match.
Unfortunately, the aforemention
Security measure only complicates the life of programmers, but does not stop sneaky attackers at all. Now we will show two ways to do without AJAX.
Browser rirection
The first, rather hackney, way to send data to a foreign server is to rirect the browser to this server. In the URL, we can encode the data being sent as well as the original URL from which we are sending the data. The embd script could look like thus:
The function location.replace()will rirect the 40% of gen z want more content from brands browser to the new URL and at the same time will not log this change to the page history. Our script hack.phpthen processes the stolen bw lists cookies and rirects (HTTP Rirect) back. HTTP rirects are also not sav in the browser histor.