I am trying to hack a page that requires a "username" and "password". I have created a form and I think it looks good;
<form action="http://hackmefff.co/login">
<input type="hidden" name = "username" value="hacker">
<input type="hidden" name = "password" value="b678jk">
</form>
People have told me that my form looks good and that I need to create a request in javascript. I don't know how to create one because I just started learning javascript yesterday. I have searched on how to create a request of submit, and all I see is functions that look like they are making a form, which I already have, so am confused. How would I send a request to log me into a website, assuming that url exists, and both name and password are correct.
EDIT:
I have formatted the code below because I don't want the page to show any text at all even though am logged in, it should just be blank. But a test page shows that I didn't get logged in;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Test page for your custom form</title>
<script type="text/javascript">
function submitform()
{
document.yourform.submit();
}
</script>
</head>
<body>
<form name="yourform" action="http://hackmefff.co/login">
<input type="hidden" name = "username" value="hacker">
<input type="hidden" name = "password" value="b678jk">
</form>
<input type='hidden' name='query' />
</body>
</html>
<html>
<head>
<title>Test page for your custom form</title>
<script type="text/javascript">
function submitform()
{
document.yourform.submit();
}
</script>
</head>
<body>
<form name="yourform" action="http://hackmefff.co/login" method="post">
<input type="hidden" name = "username" value="hacker">
<input type="hidden" name = "password" value="b678jk">
</form>
Search: <input type='text' name='query' />
Login
</body>
</html>
Note that I have modified your form slightly to include a name so that we can reference it from the JavaScript function.
This answer of course assumes that you have to use JavaScript.
You don't need Javascript for that, just add a submit-button to your form:
<input type="submit" value="Submit">
Related
I am still studying php and java script.
I am creating a simple contact form and set the form action to the same page using $_Server[php_self]
What I want to do is when someone submit to my form, it will show a message including the name that was submitted on the same page. replace the contact form with the message.
I also tried pointing action to a different php page. and it still did not work.
Does Javascript work like that? or I have to use different code or language to do that.
Here is my code
<!DOCTYPE html>
<html>
<head>
<?php
include 'action.php';
?>
<title> My profle</title>
<meta name="robots" content="noindex">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="contact">
<form class="form" class="contact" id="contact-form" action="action.php" method="POST">
Name: <br>
<input type="text" class="field" name="name"><br>
Number:<br>
<input type="text" class="field" name="number"><br>
Email:<br>
<input type="email" class="field" name="email:>"<br>
<br>
<input type="submit" class="submit" name="submit" value="submit"
onclick ="document.getElementById('contact-form').innerHTML='<?php thankyou();?>'">
</form>
</div>
</body>
</html>
Then here is the action.php
<?php
function thankyou(){
$name = $_POST['name'];
echo "Thank you"." $name ! Your message has been submitted.";
}
?>
You have a couple of different problems here.
The first is a lack of understanding about the timing of when PHP and JS run.
The second is that DOM changes are lost when a new page is loaded.
This is what is happening:
The browser requests the page
The PHP runs ($_POST does not have a name key)
The browser gets the page
You click the submit button
The JavaScript runs, and set the innerHTML (remember that the PHP ran back at step 2)
The form submits causing the browser to navigate to a new page
The PHP runs again
The browser gets the new page … and the DOM changes make to the previous page are lost
Further reading: What is the difference between client-side and server-side programming?.
I'm open to hearing better ways to do this in the comments, as this is off the top of my head and I know there are better solutions... but here's what I would do in your situation:
<!DOCTYPE html>
<html>
<head>
<title> My profle</title>
<meta name="robots" content="noindex">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="contact">
<form class="form" class="contact" id="contact-form" action="" method="POST">
<?php
if(isset($_POST)){
//process data however (I'm assuming) you need to - even if just posting to another script at this point...
echo 'Thank you '.$_POST['name'].' ! Your message has been submitted';
}
else{
echo 'Name: <br>
<input type="text" class="field" name="name"><br>
Number:<br>
<input type="text" class="field" name="number"><br>
Email:<br>
<input type="email" class="field" name="email"><br>
<br>
<input type="submit" class="submit" name="submit" value="submit">';
}
?>
</form>
</div>
</body>
</html>
Test scenario:
Type "hello" in the textbox, you should see "hello" written in the page
Now click the "test" link (it's just a link to itself with a query string &test=1)
Now type "world" in the textbox, you can see that it doesn't get written in the page anymore.
Why is this happening?
You can test this page on a .php page:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.css" />
<script src="http://code.jquery.com/jquery-latest.min.js"></script>
<script src="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.js"></script>
</head>
<body>
<form id="search_form" method="post">
<label for="search">Search:</label>
<input type="search" id="search" />
</form>
<script type="text/javascript">
$('#search_form').submit(function (event) {
window.location.href = '<?=$_SERVER['PHP_SELF'].'?s='?>' + $('#search').val();
event.preventDefault();
});
</script>
<br /><br />
<?php $s = filter_input(INPUT_GET, 's'); ?>
Query string: <?=$s?>
<br /><br />
test
</body>
</html>
Demo URL: (removed after problem solved)
Since you are using Jquery Mobile, all links are executed via AJAX by default. This will confuse this script of yours. I would suggest suppressing this in the link.
test
This will allow the link to be treated like normal and will execute the URL without AJAX.
I have 2 HTML files like this.
parent.html
<form method='get' action=''>
<input type='hidden' name='something'>
<input type='button' name='submit' value='Submit' onclick='newwindow=window.open("child.html","popup","height=150,width=200");'>
</form>
child.html
Enter Something Here<br />
<input type='text' name='somethingelse'>
<input type='button' name='submit' value='OK'>
When the user clicks on Submit button in parent, a new popup window will show up and ask him to enter something.
Can anybody please tell me how can I transfer the value of input[somethingelse] from
child to input[something] and submit the form in parent after the user has clicked OK?
You can get a reference to the form in the parent window via window.opener.document, like this:
var form = window.opener.document.getElementById("theFormID");
(You'd give the form an ID, although there are other ways to do it.)
Then you can access the fields in that form, and of course set their .value property, and you can submit the form via its .submit() function.
But fair warning: Users don't like pop-ups. If there's any way you can just incorporate the other field into the form, I would recommend that instead.
Here's a full example: Live Copy | Source | Source of popup
The main page:
<!DOCTYPE html>
<html>
<head>
<meta charset=utf-8 />
<title>JS Bin</title>
</head>
<body>
<form id="theForm" action="" method="GET">
<input type="text" id="theField" name="theField">
<br><input type="submit" value="Send" onclick="window.open('/urawum/1','','height=400,width=400'); return false;">
</form>
</body>
</html>
The popup:
<!DOCTYPE html>
<html>
<head>
<meta charset=utf-8 />
<title>JS Bin</title>
</head>
<body>
<p>Please fill in more information:</p>
<input type="text" id="thePopupField">
<br><input type="button" value="Send Form" onclick="doTheSubmit();">
<script>
function doTheSubmit() {
var doc = window.opener.document,
theForm = doc.getElementById("theForm"),
theField = doc.getElementById("theField");
theField.value = document.getElementById("thePopupField").value;
window.close();
theForm.submit();
}
</script>
</body>
</html>
If you run that, you find that when you click Send on the main page, it does the popup. If you fill in a value in the popup and click Send Form, the popup disappears and the form is submitted. You can tell the form is submitted with the value because I've used method="GET" and so you can see theField=yourValue in the query string in the URL of the resulting page. For instance, if you type "my value" into the popup, you'll see the URL http://jsbin.com/abiviq/1?theField=my+value in the main page after the form submit. (But your form presumably uses POST rather than GET, I'm just using GET to demonstrate.)
$('#popupformid').submit(function() {
var myVar = $('#somethingelseid').val();
$('input:text.something').val(myVar);
document.getElementById("formID").submit();
});
I am trying to run a Javascript redirection code on the Window Phone 7's in-app browser, but the redirection does not seem to occur at all.
Snippet:
<script type="text/javascript">
function sform() {
document.forms["frm"].submit();
}
</script>
</head>
<body onload="sform()">
<form action="https://payment-endpoint-url.com" method="POST" name="frm">
<input type="hidden" name="Ref_ID" value="***" />
<!--- some other data that varies depending on the transaction -->
</form>
</body>
I have tried every possible way to make a HTTP POST redirect using Javascript and have also tried a few IE-specific methods, but they do not work. Is there a workaround for this? Could it be a new security feature that disallows redirect?
This code seemed to work for me:
<html>
<head>
<script type="text/javascript">
function sform() {
document.getElementById("submit1").click();
}
</script>
</head>
<body onload="sform()">
<form action="https://payment-endpoint-url.com" method="POST">
<input type="hidden" name="Ref_ID" value="***" />
<input type="submit" value="Go" id="submit1" />
</form>
</body>
</html>
Take a look at this html:
<head>
<title>Test page</title>
<script type="text/javascript">
function submitForm() {
document.getElementById("form2").submit();
}
</script>
</head>
<body>
<form id="form1" name="form1">
<input type="hidden" name="test1" value="test" />
<form id="form2" name="form2" action="http://google.com">
<input type="hidden" name="test2" value="nothing" />
</form>
</form>
Submit
</body>
Thing I want to do is submitting form2 located within form1 with a javascript. I want this to be done by submitForm() function. The problem is that it doesn't appear to work. I'm using FireFox for testing and always get an error which says that it's undefined. Does anybody know how I can get it working? Thanks in advance!
You can't nest HTML forms like that. End form1 before starting form2. Duplicate the hidden input if necessary.
Well, given that you have no element with the ID "xxx", I could see where your script might have some difficulty. Perhaps you mean "form2"?