Home/ Questions/Q 6026883
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T04:30:36+00:00

I want to test a site against javascript injection. I am familier with following

  • 0

I want to test a site against javascript injection. I am familier with following syntaxes which are working fine.

javascript:alert(document.cookie);
javascript:void(document.cookie="authorization=true");
javascript:void(document.cookie="authorization=true");javascript:alert(document.cookie);
javascript:void(document.forms[0].email.value="test@test.com");

I tried following to inject a loop

javascript:for(i=0;i<10;i++){document.forms[0].t1.value=i;}

It is working. But clering all the contents of browser and prints ‘9’ (result).

Is there any way/sybtax to inject a loop so i can run/call a function/statement multiple times. Or any tool/utility/aadon which can help me.

*I can run the site only in IE.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Add void(0); to the end of your code:

    javascript:for(i=0;i<10;i++){document.forms[0].t1.value=i;}void(0)

    However, you may want to move your code into a closure; you’re modifying a global variable named i. Here we combine this with void as well:

    javascript:void(function(){for(var i=0;i<10;i++){document.forms[0].t1.value=i}}())
    • 0