JavaScript codes can be injected in the address bars of web browsers to edit online forms before submitting them, bellow I am posting an example for archiving purposes.

Assuming the page has a contact form, where submitted data is sent to an email address included in a hidden HTML input tag as in the following code:

<form name="ContactForm" action="submit.php" method="post">
<input type="hidden" name="Email" value="" />

To change the email address to:, the following code can be injected:


Where ContactForm is the name of the form and Email is the name of the input tag.

To check that the value has actually been changed, view it with:


If the form has no name, check the form order in the page, if it is the first, you may refer to it using: forms[0]. Same thing applies to the input tag, you may refer to it using: elements[0].

This way, assuming the form is the first, and the order of the input tag in that form is 4, our codes will be:




One Response to “JavaScript Injection (Form Editing)”

Leave a Reply


Haider’s WebSpace
Welcome to my technical blog. This is where I write, archive and share computer related articles. Subjects vary from posting technical solutions to researching particular topics. Feel free to comment and talk IT!
Sponsored Links
My Tweets