Monday, March 10, 2014

Potential JavaScript Code Injection to App

Below is JavaScript code as a proof of concept of JavaScript code injection:
1. A JavaScript button could be injected.
2. The button sets location.href to a target site. In this case, it is a fake POC site, to prove that the injection could be used for potentially malicious phishing or extended to further payload execution on a malicious site.
Click the button below - it could redirect a user to a potentially malicious site ;)

<button onclick="location.href=''" id="1" value="1">BreakToProtect's Button</button>
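As an added example (not code from the original post), this is the defensive counterpart to the button above: output-encoding submitted text so the markup is displayed rather than interpreted, plus a simple check that flags inline event handlers for logging. The names `escapeHtml`, `findInlineHandlers`, `renderPost` and the sample target URL are assumptions made for illustration.

```javascript
// Added example: treat user-supplied text as data, not markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that let text break out of an HTML text or
// attribute context, so injected tags are shown literally.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Report inline event-handler attributes (onclick, onerror, ...) found inside
// any tag in the input. This is a logging/alerting signal for submitted
// content, not a parser and not a substitute for encoding on output.
function findInlineHandlers(input) {
  const found = [];
  const tagRe = /<[a-z][^>]*>/gi;
  let tag;
  while ((tag = tagRe.exec(input)) !== null) {
    const attrRe = /\s(on[a-z]+)\s*=/gi;
    let attr;
    while ((attr = attrRe.exec(tag[0])) !== null) {
      found.push(attr[1].toLowerCase());
    }
  }
  return found;
}

// Hypothetical render helper: builds the fragment the app sends to the browser.
function renderPost(untrusted) {
  return '<div class="post">' + escapeHtml(untrusted) + '</div>';
}

// Constructed sample input: the button from this post with a placeholder target.
const samplePayload =
  '<button onclick="location.href=\'https://poc.example/\'" id="1" value="1">' +
  "BreakToProtect's Button</button>";

console.log('handlers flagged:', findInlineHandlers(samplePayload));
console.log('rendered safely: ', renderPost(samplePayload));
```

With encoding applied at output, the browser shows the submitted markup as text and no button is created.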
