Now it’s really simple to edit some form variables to change field names or even values. Let’s imagine a page that sends the admin his password every time he clicks on a button:
This should be written directly into the URL bar:
Then we run the code by loading the URL; to view the results, all you have to do is refresh the page.
Now let’s read through the line to understand it:
First, we run the command:
Then we define the variable we want to change:
This means that we want to modify one of the forms inside the document, specifically form number 0. If it were the second form in the page, then we would use:
document.forms.email.value. Next we specify the name of the input control we want to modify, followed by the field: …
So there you have it: you change the address of the recipient to your own, for example, then send a mail.
Now you can see that the cookie actually holds the variable “rights”, which means that we can easily try to change its value and check the results by running a command like this one:
With that line we just changed the value of uid from 2 to 1, which means that if the website treats uid 0 users as administrators then we are now admins. Thankfully, this is a vulnerability based on trusting users that’s being found less and less in the wild.
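
The server-side counterpart to the cookie edit described above, as an added example that is not part of the original page: a Node.js sketch contrasting a check that trusts the `uid` cookie with one that verifies an HMAC over it. The cookie layout `uid=<n>.<mac>`, the secret and all function names are assumptions made for the illustration.

```javascript
// Added example: why a client-edited "uid" cookie should never be trusted as-is.
const crypto = require('crypto');

// Assumption: a secret known only to the server (constructed demo value).
const SECRET = 'constructed-demo-secret';

// HMAC-SHA256 over the cookie payload, hex encoded.
function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Cookie value handed to the browser: "uid=<n>.<mac>".
function issueCookie(uid) {
  const payload = `uid=${uid}`;
  return `${payload}.${sign(payload)}`;
}

// Vulnerable pattern from the text: believe whatever uid the cookie carries.
function naiveUid(cookie) {
  const m = /uid=(\d+)/.exec(cookie);
  return m ? Number(m[1]) : null;
}

// Hardened pattern: return the uid only if the MAC matches, otherwise null.
function verifiedUid(cookie) {
  const dot = cookie.lastIndexOf('.');
  if (dot < 0) return null; // no MAC present at all
  const payload = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1), 'hex');
  const expected = Buffer.from(sign(payload), 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const m = /^uid=(\d+)$/.exec(payload);
  return m ? Number(m[1]) : null;
}

// Constructed scenario: the uid 2 -> 1 edit from the text, applied to a signed cookie.
function demo() {
  const genuine = issueCookie(2);
  const tampered = genuine.replace('uid=2', 'uid=1');
  return {
    naive: naiveUid(tampered),       // accepts the edited value
    genuine: verifiedUid(genuine),   // accepts the untouched cookie
    tampered: verifiedUid(tampered), // rejects the edited cookie
  };
}

console.log(demo());
```

Keeping the privilege level in a server-side session keyed by a random identifier removes the value from the client entirely, which is the stronger design when it is available.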