Assuming the page has a contact form, where submitted data is sent to an email address included in a hidden HTML input tag as in the following code:
… <form name="ContactForm" action="submit.php" method="post"> <input type="hidden" name="Email" value="firstname.lastname@example.org" /> …
To change the email address to: email@example.com, the following code can be injected:
Where ContactForm is the name of the form and Email is the name of the input tag.
To check that the value has actually been changed, view it with:
If the form has no name, check the form order in the page, if it is the first, you may refer to it using: forms. Same thing applies to the input tag, you may refer to it using: elements.
This way, assuming the form is the first, and the order of the input tag in that form is 4, our codes will be: