Page 2 of 2

Re: Javascript Injection help...

PostPosted: Mon Sep 23, 2013 2:16 am
by Name-already-taken
Sorry for posting in an old thread but my question fits in well here .
Java script injection can't make permanent changes can it ?
Other than javascript cookies to help log in . :?:

Re: Javascript Injection help...

PostPosted: Mon Sep 23, 2013 3:51 am
by -Ninjex-
Name-already-taken wrote:Sorry for posting in an old thread but my question fits in well here .
Java script injection can't make permanent changes can it ?
Other than javascript cookies to help log in . :?:


You mean to the actual website, server side? That wouldn't happen. JavaScript runs on the client machine and changes are temporary. It's similar to changing source code using Firebug or downloading the website and changing the files locally.

Re: Javascript Injection help...

PostPosted: Mon Sep 23, 2013 6:15 am
by Name-already-taken
I think I read in one of the hts articles that it might be possible .

Re: Javascript Injection help...

PostPosted: Mon Sep 23, 2013 6:22 am
by -Ninjex-
Name-already-taken wrote:I think I read in one of the hts articles that it might be possible .


If you could use some kind of JSI to advance privs, or send a crafted exploit then I suppose it is. However, this wouldn't be because of the JavaScript, it would be through a flaw elsewhere on the system, such as being able to exploit a login system using JS to login as admin. So at least I believe. Hopefully someone else can step into this post and enlighten us more :D

Re: Javascript Injection help...

PostPosted: Mon Sep 23, 2013 1:40 pm
by Name-already-taken
I suppose . Let's hope it happens soon . :D