I'm trying to make a PoC of reflected Cross-Site Scripting on a website that I'm testing right now. I've found a place inside of a Javascript code where commands can be injected, however the trouble is that there the previous block of code throws a 'not defined' error and therefore (at least I think so) my injected code is not executed. Is there any chance to execute the code anyway?
Here is the code:
UndefinedObject.Init({
Var1:"a",
Var2:"b",
Var3:"can_be_injected_with_JS_code")}
I can't inject any HTML tags as these are filtered by the application.
Many thanks!
Wrap them under try catch block.
In a sequence of execution, if the code fails, the remaining part will not be executed. Javascript errors ("Exceptions") can be caught using try...catch (if you are able to inject this try - catch also).
If there is a different flow (via another event), the code will continue.
You can either try using a try-catch, or if that won't help, try using window.onerror
Generally the right way of doing that is using try-catch-finally or try-finally :
If you make something about the error - log or do something else. Catch may be also used to execute your code, but not a good practice. You can do nothing about the error if you want, that`s why finally is used.
Finally is used when it is important to execute a piece of code, no matter if an error is thrown or not. For example in C++ or other language when you work with files inside finally the file is closed ( you can not leave it opened ). Look here for some examples.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.