Background Concept of HTML Injection

HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page.

Impact of HTML Injection

1. It can allow an attacker to modify the page.

2. The DOM can be loaded there.

HTML Injection Finding

Steps:

– Find an input parameter, either GET based or POST based.

– If your input reflects back to you on the web page, there may be HTML injection.

– Try to execute any HTML code. If you succeed in executing HTML code there, then there is HTML injection.
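The reflection check in these steps, seen from the defender's side, as an added example that is not part of the original post: a harmless probe is placed in each input, and the rendered page is parsed to see whether the probe became a real element or stayed encoded text. The two render functions are hypothetical stand-ins for a page that reflects the cat, Name and Comment inputs used later in this post.

```python
import html
from html.parser import HTMLParser

# Constructed probe: harmless markup with a unique id, used only to test rendering.
PROBE = '<h1 id="htmli-probe">test</h1>'

def render_vulnerable(cat: str, name: str, comment: str) -> str:
    """Hypothetical page: reflects request values without encoding (the flaw)."""
    return (f"<html><body><p>Category: {cat}</p>"
            f"<div class='comment'><b>{name}</b>: {comment}</div></body></html>")

def render_hardened(cat: str, name: str, comment: str) -> str:
    """Same hypothetical page, with every reflected value HTML-encoded on output."""
    e = html.escape  # encodes & < > " '
    return (f"<html><body><p>Category: {e(cat)}</p>"
            f"<div class='comment'><b>{e(name)}</b>: {e(comment)}</div></body></html>")

class _ProbeFinder(HTMLParser):
    """Records whether the probe was parsed as an element rather than as text."""
    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "h1" and ("id", "htmli-probe") in attrs:
            self.found = True

def probe_became_element(page: str) -> bool:
    finder = _ProbeFinder()
    finder.feed(page)
    finder.close()
    return finder.found

def injectable_fields(render) -> list[str]:
    """Put the probe in one field at a time; return fields that render it as markup."""
    fields = ["cat", "name", "comment"]
    hits = []
    for field in fields:
        values = {f: "hello" for f in fields}
        values[field] = PROBE
        if probe_became_element(render(**values)):
            hits.append(field)
    return hits

if __name__ == "__main__":
    print("vulnerable:", injectable_fields(render_vulnerable))
    print("hardened:  ", injectable_fields(render_hardened))
```

Parsing the response instead of searching for the raw string avoids false positives where the input is reflected but already encoded.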

Example 1: Attack Phase

Steps:

1. You need to find some vulnerable columns on the target website. We can use Burp Suite to spider the website and find out the parameters on the target website.

2. Input a word there; if it reflects back, then there is a chance of HTML injection.

3. As we have found the vulnerable input here, we will try to inject HTML injection code to affect the web page.

<h1> you have bin hacked by lucifer!</h1>

<h1></h1> – these are the heading tags of the body in HTML code, used for managing the web interface.

4.1 GET based – Through the URL: in cat=1, replace 1 with hello

so it will reflect on the web page.

We can try this to affect the web page.

<h1> you have bin hacked by lucifer!</h1>

5. POST based – Through the comment field

So we will try to inject the HTML injection code in the Name & Comment fields:

If it reflects the variables back, we will try the script,

so it will reflect on the web page.

We can try this to affect the web page.

<h1> you have bin hacked by lucifer!</h1>

By admin
