Trying a Remote Injection - Help
Posted by: almostthere
Date: May 08, 2008 08:46PM

I'm trying to inject javascript into a remote web page through the img tag.

Here is the scenario.

An image is called from a remote web page i.e. a forum avatar. The only option available to me is using the img tag to call a php script that attempts to inject javascript into the DOM. (no forms are available)

I'm trying to inject a js file, so that I can remotely add code in the next transaction.

Frankly, my knowledge is limited, and I have tried some of the solutions in the threads here. I started simply, but can't even get a js alert to work on a remote page (haven't even tried the avatar thing yet).

Ideally, I would have the code injected into the head, but the body will do.

I've read the threads on php and images here (can't seem to get it to work).

I would appreciate it if someone could tell me if what I want to do can be accomplished.

I think my problem is writing the code from php into the DOM. I've used a packet sniffer to watch the http request and response. I see that the php is sending text to the remote page, but I can't get it to load into the DOM as javascript code. So I know it's not being eval'd (maybe the wrong term).

Any help is really appreciated.


Re: Trying a Remote Injection - Help
Posted by: tx
Date: May 08, 2008 08:58PM

Afaik, there is no way to execute javascript in the way you are detailing (an img tag that references a document with javascript in it). Have you considered using an event handler instead?

-tx @ lowtech-labs.org

Re: Trying a Remote Injection - Help
Posted by: almostthere
Date: May 09, 2008 10:58AM

Actually, I didn't. Will give it a try, adding say the onerror=.
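
The defensive side of the exchange above, as an added example that is not part of the thread or of any forum software: a browser treats whatever an img src returns as image data and never runs it as script, so what a forum has to protect is the img element it writes out. The sketch validates a user-supplied avatar URL and attribute-escapes it so the value cannot close the src attribute and add an event handler. The function names and the placeholder path are assumptions made for the example.

```javascript
// Added example: rendering a user-supplied avatar URL on the server.
// escapeAttr, validateAvatarUrl and renderAvatar are hypothetical names.

const ATTR_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape every character that could end a quoted attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ESCAPES[ch]);
}

// Return the normalized URL if it is an absolute http(s) URL, otherwise null.
function validateAvatarUrl(raw) {
  if (typeof raw !== 'string' || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw.trim()); // throws on relative or unparsable input
  } catch (err) {
    return null;
  }
  // Allowlist of schemes: rejects javascript:, data:, vbscript:, file: and the rest.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href; // serialized form has quotes and spaces percent-encoded
}

const PLACEHOLDER = '/img/default-avatar.png'; // constructed path for the example

// Build the avatar element. Only the src value comes from the user, and it is
// validated first and escaped second, so it stays inside the quoted attribute.
function renderAvatar(raw) {
  const src = validateAvatarUrl(raw) || PLACEHOLDER;
  return '<img class="avatar" src="' + escapeAttr(src) + '" alt="">';
}

// Constructed sample inputs.
const samples = [
  'https://example.test/a.png?x=1&y=2',
  'http://example.test/a.png" onerror="alert(1)',
  'javascript:alert(1)',
];
for (const s of samples) console.log(renderAvatar(s));
```

Escaping alone already keeps the value inside the attribute; the scheme allowlist is the second layer, and a Content-Security-Policy that disallows inline event handlers would be a third.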

