The smallest hacking tutorial

By ebuild

In the few lines of this tutorial I present how you can bypass the
client-side control of forms and thereby force "unexpected"
data to be injected into a data repository (R database, XML, files, ...) or,
instead, cause an internal error in the server (the famous 500).
It is very easy but THE IDEA DOES REALLY MATTER.
YOU DON'T REALLY NEED JAVASCRIPT/HTML KNOWLEDGE, JUST COPY'n'PASTE.
<strong>THIS TUTORIAL IS JUST FOR EDUCATIONAL AND PREVENTIVE PURPOSES.</strong>
<strong>I AM NOT RESPONSIBLE FOR ANY DAMAGE RESULTING FROM USING THIS TUTORIAL.</strong>
 
First:
Look for any website that contains a form to be submitted,
click on the submit button or anything else that has a <em>'submit effect'</em> (without filling in any input);
if a popup shows you <strong>'All fields must...'</strong>
or <strong>'Field email must be given'</strong> or something else, you may be in a good place to begin.

Second:
In the File menu of the browser, select Save as... (keep the original file name). Now you have the page on your hard drive.
In your file browser, right-click on the saved page, select Open with, and choose any text editor; now you have
the source of the page.

Third:
Find in the source a line that starts with <strong>'<Form'</strong>. If you find
<strong>'onSubmit=...'</strong> in this line, delete it. If you don't find <strong>'onSubmit=...'</strong>, go find
the submit button; you should have in this line <strong>onClick='...'</strong> and/or
<strong>type='button'</strong>; switch the type to <strong>type='submit'</strong> and delete <strong>onClick='...'</strong>.


Fourth:
Return to the browser and copy the URL from the address bar.
In the source of the page, in the line starting with <strong>'<Form'</strong>, you find
<strong>'action=agivenpage'</strong>; paste it just between <strong>'='</strong> and <strong>'agivenpage'</strong>
and you will get <strong>'action=TheUrlFromAdressBar/agivenpage'</strong>. Now save the changes and close the editor.
NB: If you find that <strong>'action'</strong> is empty or the word <strong>'action'</strong> doesn't exist,
that means the same page as the form has the code that processes the
submitted data, so
you will get <strong>'action=TheUrlFromAdressBar/TheSavedPage'</strong>;
TheSavedPage is the one saved on the HD (don't forget the original name of
the file).

Fifth: The last action hero
Double-click on the page and fill in the fields with unexpected data:
a URL in the email field, for example, or just letters in the birthday field.
CLICK SUBMIT

The results are to be continued ... BY YOU.
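
The server-side counterpart to the steps above, as an added example that is not part of the original post: because the saved page no longer runs its onSubmit/onClick checks, the handler that receives the POST has to validate every field itself and answer bad input with a 400 instead of failing with a 500. The field names (email, birthday), the date format and the limits are assumptions made for illustration.

```javascript
// Added example: server-side validation for a form handler.
// Field names, formats and limits here are assumptions, not from the post.
const EMAIL_RE = /^[^\s@<>:\/]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;
const DATE_RE = /^(\d{4})-(\d{2})-(\d{2})$/;

function validateEmail(value) {
  if (typeof value !== "string" || value.length === 0) return "email is required";
  if (value.length > 254) return "email is too long";
  if (!EMAIL_RE.test(value)) return "email is not a valid address";
  return null;
}

function validateBirthday(value, today = new Date()) {
  const m = DATE_RE.exec(value || "");
  if (!m) return "birthday must be YYYY-MM-DD";
  const [y, mo, d] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const date = new Date(Date.UTC(y, mo - 1, d));
  // Reject dates that roll over into another month, such as 2001-02-30.
  if (date.getUTCFullYear() !== y || date.getUTCMonth() !== mo - 1 || date.getUTCDate() !== d) {
    return "birthday is not a real date";
  }
  if (y < 1900 || date > today) return "birthday is out of range";
  return null;
}

// Takes the raw urlencoded POST body exactly as the server receives it,
// whatever page produced it, and returns the response to send:
// 400 with per-field errors, or 200 with the cleaned values.
function handleSubmission(rawBody) {
  const params = new URLSearchParams(rawBody);
  const errors = {};
  // A field sent twice is itself unexpected input, so refuse it.
  for (const name of ["email", "birthday"]) {
    if (params.getAll(name).length > 1) errors[name] = name + " was sent more than once";
  }
  const email = (params.get("email") || "").trim();
  const birthday = (params.get("birthday") || "").trim();
  const emailError = errors.email || validateEmail(email);
  const birthdayError = errors.birthday || validateBirthday(birthday);
  if (emailError) errors.email = emailError;
  if (birthdayError) errors.birthday = birthdayError;
  if (Object.keys(errors).length > 0) return { status: 400, errors };
  return { status: 200, values: { email, birthday } };
}
```

Only the values returned with status 200 should be passed on to the data repository, and then through parameterized queries or an equivalent escaping layer.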
 
