Changing all links: JavaScript for Pentesters task 2 write up

Oct 21, 2014 • jsp, javascript, security-tube, xss

Pentester Academy (under Securitytube) is one of the great infosec resources for people who wanted to take their skills to the next level. JavaScript for Pentesters is one of the latest courses by pentester academy which has over 21 challenges with varying difficulty. We will be updating the blog with the write-ups of each of them as we crack it.

Pentester Academy has a wonderful list of JavaScript challenges which will help us learn XSS by cracking through different sets of questions with varying difficulty. We have already covered the first challenge namely Modifying HTML with JavaScript – JavaScript for Pentesters task 1. Now let us see how can we crack the 2nd challenge. The question is as follows:

** JavaScript for Pentesters task 2**

There are a number of links given in the page (4 links to be precise). The objective is to change all the Links on that page to “http://PentesterAcademy.com/topics”. As always, like a Pentester, we should be systematic in trying to attack a target. So first lets us figure out if it is vulnerable to XSS. As always, lets try injecting an alert payload:

    
    <script>alert("XSS")</script>

As you can see, it will give you a pop up and yea, we have confirmed that the page is vulnerable to XSS. The next thing is to check out the page source code from which we can identify all the link attributes which we should modify. We can see that there are 4 links in total and we need to modify all of them so that it points to “http://pentesteracademy.com/topics”.

As shown in the source code, we have 4 links to modify. To modify an <a> tag we can use getElementByTagName("a") and then modify the corresponding href tags to the link that we want. The above command will return a list of all <a> tags present in the documents. Then we can use link.href = "URL". Since we have more than 1 link to be changed, we have to use a for loop so that all the links can be modified at once. The entire payload looks like this:

    <script>
    var links = document.getElementsByTagName("a");
    for(i=0;i<links.length;i++)
    {
    links[i].innerHTML = "Pentester Academy link " + [i];     
    links[i].href = "http://PentesterAcademy.com/topics";
    }
    </script>

You can copy the entire payload above and try to inject it. This will modify 2 things:

1) It will modify all the URL’s and will point it to “http://pentesteracademy.com/topics”

2) it will change the innerHTML of href tag and modify it to strings like Pentester Academy link 0 , Pentester Academy link 1 etc..

Note:

1) While playing with XSS challenges, it is always recommended to use Mozilla Firefox because Google chrome has inbuilt XSS stopper which will stop us from executing arbitrary JavaScript code even if the page is vulnerable to XSS. So its strongly recommended to use Firefox instead of chrome.

2) The solutions written above is the way we cracked the problem which might be different from the solution videos provided by the SecurityTube. If you need the solution video, you have to subscribe to PentesterAcademy.

We hope that you really liked this challenge. If there is anything you didn’t understand, wanted to get more clarity or if there is a better way to complete this challenge, please comment down and we are more than happy to help. Happy Pentesting..

Anirudh Anand

Product Security ♥ | CTF - @teambi0s | Security Trainer - @7asecurity | certs - eWDP, OSCP, OSWE