I’m preparing for my final exam for a class and am attempting to rework homework problems. This is one of them that I got zero credit for the first time around.
The goal of this exercise was to create a URL that would point to the page with the HTML below, and instead of showing the collaboration policy intended, it would show my own, user-created collaboration policy.
Attempted the following without success…
Escaped this
<script>document.getElementById('collab').firstChild = 'test';</script>
using this website
http://www.xs4all.nl/~jlpoutre/BoT/Javascript/Utils/endecode.html
and added it like this…
http://www.cs.edu/vulnerable.html/?[insert escaped script here] and it didn’t work. Any ideas on where I’m going wrong here?
Here is the HTML code (vulnerable.html) for the page we are supposed to exploit.
<html><head>
<script>
function loaded() {
var parsed = document.location.href.match(/\?(.*)/);
if (parsed && parsed[1])
eval(unescape(parsed[1]));
}
</script>
<title>Example Page Title</title></head>
<body onload="loaded()" bgcolor="#ffffff">
<font face="Arial,Arial,Helvetica">
<table border=0 cellspacing=4 cellpadding=4>
<tr>
<td valign=top width="20%" bgcolor="#ffff66">
<p>
<p>
<p>
<a href="home.html">
Home</a> <p>
Course description <p>
<a href="notes.html">
Lecture notes</a> <p>
<a href="assign.html">
Assignments</a> <p>
<a href="ref.html">
Reference</a> <p>
<p>
<p>
<p>
</td>
<td valign=top width=800>
<h2 align=center>
Example course title
</h2>
<p>
<h3 align=center>Fall 2010</h3>
<p>
<h2>Syllabus</h2>
Syllabus here...
<h2>Collaboration policy</h2>
<P id="collab">
All assignments are strictly individual. No collaboration
is permitted.
</td>
</tr>
</table>
</font>
</body>
</html>
Remove the script tags from the vector. It is put to the eval function, which runs JavaScript, not HTML. Also, you want your vector to be:
document.getElementById('collab').innerHTML = 'test';
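
The fix for the page discussed above, as an added example that is not part of the original question or answer: a replacement for its loaded() handler that parses the query string as data and checks it against an allowlist instead of passing it to eval. The "section" parameter name, the allowlist contents, and passing the document and URL in as arguments are assumptions made for illustration.

```javascript
// Added example: hardened replacement for loaded() in vulnerable.html.
// Assumption: the query string was only ever meant to select a page section,
// e.g. vulnerable.html?section=collab. The parameter name is hypothetical.

// Only these element ids may be selected through the URL.
const ALLOWED_SECTIONS = new Set(['collab']);

// Parse the query string as data. Nothing taken from the URL is executed
// or written into the page as markup.
function parseSection(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null; // malformed URL: ignore it
  }
  const value = url.searchParams.get('section');
  if (value === null) return null;
  return ALLOWED_SECTIONS.has(value) ? value : null;
}

// Replacement for the onload handler. In the page it would be called as
// loaded(document, document.location.href). Returns true only when an
// allowlisted section was found and scrolled into view.
function loaded(doc, href) {
  const section = parseSection(href);
  if (section === null) return false;
  const el = doc.getElementById(section);
  if (!el) return false;
  el.scrollIntoView();
  return true;
}
```

With this handler the vector from the answer is ignored, because the query string is only ever compared against the allowlist.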