Haiders WebSpace » Forms http://blog.creativeitp.com Let's talk about IT Sat, 27 Feb 2010 13:15:05 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 JavaScript Injection (Form Editing) http://blog.creativeitp.com/posts-and-articles/javascript/javascript-injection-form-editing/ http://blog.creativeitp.com/posts-and-articles/javascript/javascript-injection-form-editing/#comments Thu, 07 Jan 2010 20:40:52 +0000 Haider al-Khateeb http://blog.creativeitp.com/?p=148 JavaScript codes can be injected in the address bars of web browsers to edit online forms before submitting them, bellow I am posting an example for archiving purposes.

Assuming the page has a contact form, where submitted data is sent to an email address included in a hidden HTML input tag as in the following code:

<form name="ContactForm" action="submit.php" method="post">
<input type="hidden" name="Email" value="admin@website.com" />

To change the email address to: myemail@hotmail.com, the following code can be injected:

javascript:void(document.ContactForm.Email.value="myemail@hotmail.com");

Where ContactForm is the name of the form and Email is the name of the input tag.

To check that the value has actually been changed, view it with:

javascript:alert(document.ContactForm.Name.value);

If the form has no name, check the form order in the page, if it is the first, you may refer to it using: forms[0]. Same thing applies to the input tag, you may refer to it using: elements[0].

This way, assuming the form is the first, and the order of the input tag in that form is 4, our codes will be:

javascript:void(document.forms[0].elements[3].value="myemail@hotmail.com");

and

javascript:alert(document.forms[0].elements[3].value);
]]> http://blog.creativeitp.com/posts-and-articles/javascript/javascript-injection-form-editing/feed/ 1 Basic Form Validation http://blog.creativeitp.com/posts-and-articles/javascript/basic-form-validation/ http://blog.creativeitp.com/posts-and-articles/javascript/basic-form-validation/#comments Fri, 13 Mar 2009 05:57:02 +0000 Haider al-Khateeb http://blog.creativeitp.com/?p=22

Who doesnt need to implement a data validation technique along with every online form?

Bellow is a basic javascript code to check that no form is submitted with empty fields:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

<html>
<head>
<script Language="JavaScript"><!--
function Validator(Form)
{
 
  if (Form.UserName.value == "")
  {
    alert("Please enter a value for the \"User Name\" field.");
    Form.UserName.focus();
    return (false);
  }
 
  if (Form.Password.value == "")
  {
    alert("Please enter a value for the \"Password\" field.");
    Form.Password.focus();
    return (false);
  }
 
  if (Form.FullName.value == "")
  {
    alert("Please enter a value for the \"Full Name\" field.");
    Form.FullName.focus();
    return (false);
  }
  return (true);
}
//--></script>
</head>
 
<body>
<center>
<form name="Signup" action = "submit_form.php" method = "post" 
onsubmit="return Validator(this)" >
Username: <input type ="text"  name="UserName" size="20"> <b>-</b> 
Password: <input type ="text"  name="Password" size="20"> <b>-</b> 
Fullname: <input type ="text"  name="FullName" size="20"> <b>-</b> 
<input name="Submit" type="submit" value="Submit">
</form>
</center>
</body>
</html>

]]> http://blog.creativeitp.com/posts-and-articles/javascript/basic-form-validation/feed/ 0