Monday, March 10, 2014

Potential JavaScript Code Injection to App

Below is JavaScript code as a proof of concept (PoC) of JavaScript code injection:
1. A JavaScript button could be injected.
2. The button sets location.href to a target site. In this case it is a fake PoC site, to prove that the injection could be used for potentially malicious phishing or extended to further payload execution from a malicious site.
Click the button below - it could redirect a user to a potentially malicious site ;)
-BreakToProtect

</script>
<button onclick="location.href='http://www.potentially-malicious.site'" id="1" value="1"/>BreakToProtect's Button
<butt
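
Added example, not part of the original post: the defensive counterpart to the PoC above, encoding untrusted input so the payload renders as inert text instead of a live button. The post does not say where the input is reflected, so the two contexts (HTML body and inline script) and all function names here are assumptions.

```javascript
// Payload string copied from the post; everything else is illustrative.
const PAYLOAD =
  "</script>\n<button onclick=\"location.href='http://www.potentially-malicious.site'\"" +
  " id=\"1\" value=\"1\"/>BreakToProtect's Button";

// HTML text / quoted-attribute context: encode every character that can open
// a tag, close an attribute value or start an entity.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeForHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Inline <script> context: JSON.stringify yields a valid JS string literal, but
// the HTML parser ends the script block at the first "</script" regardless of
// JS quoting. So "<", ">", "&" and U+2028/U+2029 are emitted as \uXXXX escapes.
function encodeForInlineScript(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hypothetical server-side templates, one per context.
function renderComment(untrusted) {
  return '<p class="comment">' + encodeForHtml(untrusted) + "</p>";
}
function renderInlineNote(untrusted) {
  return "<script>var note = " + encodeForInlineScript(untrusted) + ";</script>";
}

// Count script terminators in rendered output: exactly one (the template's own)
// means the input did not break out of the script block.
function countScriptTerminators(html) {
  return (html.match(/<\/script/gi) || []).length;
}

console.log(renderComment(PAYLOAD));
console.log(renderInlineNote(PAYLOAD));
```

The escaped inline value still decodes to the original string at runtime, so the data is preserved while the markup stays inert.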