-2

Is it possible to change a javascript variable through the URL?

Here's an example of the code I'm trying to modify from a website. (www.example.com)

<script type="text/javascript">

var x = 0;

</script>

I want to change the variable x from 0 to 1.

I want to do this by appending something to the URL. I'm not sure about the syntax, but I think it may be something like this:

www.example.com#javascript: var=1;

Is it possible to change variable x by only modifying the URL?

EDIT: The duplicate question doesn't tell me how (if it's possible) to change the variable through the URL. Please let me know if that's not the case.

Related Question: https://security.stackexchange.com/questions/134240/modify-javascript-variable-with-url-exploit

Community
  • 1
  • 1
Josh B.
  • 414
  • 5
  • 14
  • JavaScript on the page can look at [`window.location`](https://developer.mozilla.org/en-US/docs/Web/API/Location) to decide what to do based on the URL. This requires the relevant JavaScript to already be present on the page. – user2864740 Aug 18 '16 at 17:02
  • That would be a serious security flaw, so browsers would not allow such a thing. If you control the JavaScript, you could (carefully) read part if the URL into a variable. – Alexander O'Mara Aug 18 '16 at 17:02
  • Please explain the reason for the downvotes. If you think it's a silly question, please just answer it. If it violates a site rule, please let me know. Thanks. – Josh B. Aug 18 '16 at 17:03
  • Please show an example URL from which you would like to retrieve/modify a variable, and show what the variable should become; without specifics this is a theoretical exercise and we're unable to offer any specific advice without guessing (which is of little use to you, and is too broad as a question). Incidentally I don't necessarily agree with the current close-reason, but unless you add some specifics the question is likely to remain closed, because we can't see that this question is not a duplicate. Or what this question is specifically asking. – David Thomas Aug 18 '16 at 17:06
  • Your questions shows a lack of research and is unclear. That's probably the reason for your down votes. – Alexander O'Mara Aug 18 '16 at 17:06
  • Sorry about that! I'll get to work clarifying it :) – Josh B. Aug 18 '16 at 17:08
  • @AlexanderO'Mara Let me know if it's still unclear. Thanks. – Josh B. Aug 18 '16 at 17:20
  • As I said before, no, directly injecting scripts by URL should not be possible without an XSS vulnerably. – Alexander O'Mara Aug 18 '16 at 17:34
  • @AlexanderO'Mara Ok, if you make that an answer, I can accept it :) – Josh B. Aug 18 '16 at 17:35
  • This question is closed, but I answered your other one on InfoSec. You might want to add the updated information from here though to make it a better question. – Alexander O'Mara Aug 18 '16 at 17:47
  • actually the question marked as duplicate seems to be exactly what you need. – Elzo Valugi Aug 18 '16 at 22:34

1 Answers1

0

you can use:

 if(window.location.href.indexOf("your_link_to_check") > -1) {
      var x = 1;
    }
fernando
  • 814
  • 1
  • 9
  • 24