Hello everyone, today we are going to learn about HTML injection vulnerability.
Before going into the article, if you are new to our website, please check out the account takeover labs that we have on our website, and they are totally free.
Now, let’s get back to the topic.
What is HTML?
HTML stands for HyperText Markup Language; it is the language used to build a web page. With it you determine where a paragraph sits on the page, where the user input field goes, and so on. Almost all websites use HTML, so wherever user input ends up inside that markup there is a possibility of finding an HTML injection.
What is HTML Injection?
HTML injection is a vulnerability quite similar to cross-site scripting (XSS). In XSS the attacker injects JavaScript code, which executes if the page is vulnerable; in HTML injection the attacker is able to inject some HTML tags, but not all of them.
Let’s have a practical look at the vulnerability.
I am going to use a demo website for testing purposes: http://testphp.vulnweb.com/
Attack Scenario:
1. Open the website.
2. Now, in the search field insert the payload mentioned below:
<h1 style="color:Blue;">Hello World</h1>
3. Now, click on the Go button. "Hello World" will be rendered as a blue heading.
4. Boom! The injected markup was rendered, so the website is vulnerable to HTML injection.
How to find these vulnerabilities in websites?
Steps to do that:
First, find all the user input fields and check whether the given input is reflected back on the page.
Next, try injecting normal HTML tags, for example heading tags.
If the HTML gets rendered, you have found an HTML injection vulnerability. But don’t stop there.
Since the input is reflected, try injecting JavaScript code as well. If the JavaScript executes, you have found an XSS vulnerability.
What are the fields, where you can try to find HTML Injection vulnerability:
First name
Middle Name
Last Name
Username
Search Boxes
Any other input field that accepts user input.
This is the standard procedure for finding an HTML injection vulnerability.
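To make the difference between "reflected" and "injectable" concrete, here is an added Python example (not from the original post or the demo site): three hypothetical server-side renderers for a search page and a small check that classifies how the article's payload comes back. It also covers the "some tags but not all" case, where a blocklist stops script tags but still lets a heading through.

```python
import html
import re

# Constructed sample payload, copied from the attack scenario above.
PAYLOAD = '<h1 style="color:Blue;">Hello World</h1>'


def render_search_vulnerable(query: str) -> str:
    """Hypothetical renderer that reflects the search term straight into
    the markup: this is the HTML injection case."""
    return f"<p>You searched for: {query}</p>"


SCRIPT_RE = re.compile(r"<\s*/?\s*script[^>]*>", re.IGNORECASE)


def render_search_blocklist(query: str) -> str:
    """Hypothetical renderer that strips only <script> tags. It stops the
    obvious XSS probe but still lets other tags through ('some tags but
    not all'), so it is not a fix."""
    return f"<p>You searched for: {SCRIPT_RE.sub('', query)}</p>"


def render_search_safe(query: str) -> str:
    """Contextual output encoding: <, >, & and quotes become entities, so the
    browser shows the input as text instead of parsing it as markup."""
    return f"<p>You searched for: {html.escape(query, quote=True)}</p>"


def check_reflection(response_body: str, probe: str) -> str:
    """Classify how a probe came back, mirroring the manual test above:
    'not_reflected'     - the input does not appear in the response,
    'reflected_encoded' - it appears, but the tag characters are entity-encoded,
    'reflected_raw'     - the tags came back as-is (HTML injection)."""
    if probe in response_body:
        return "reflected_raw"
    for quote in (True, False):
        if html.escape(probe, quote=quote) in response_body:
            return "reflected_encoded"
    return "not_reflected"


if __name__ == "__main__":
    for name, render in [("vulnerable", render_search_vulnerable),
                         ("blocklist", render_search_blocklist),
                         ("safe", render_search_safe)]:
        body = render(PAYLOAD)
        print(f"{name:10s} -> {check_reflection(body, PAYLOAD)}: {body}")
```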
I hope you understood the article. Before ending it, I would like to share some write-ups and HackerOne reports that help you find HTML injection vulnerabilities.
How to chain it to XSS
XSS stands for Cross-Site Scripting. It is essentially JavaScript code being executed in the victim’s browser where only HTML was expected. So if HTML is getting rendered, check whether you can also insert JavaScript and get it to run. XSS has more impact than HTML injection, so the finding would carry higher severity. But XSS is not as easily found, because the web application usually sanitizes JavaScript code or script tags. If your payload is getting sanitized, you can try encoding it and then submitting the encoded payload.
I will give you a brief about how this works and how to find one in my future articles, but for now, let us not rush ourselves by learning all at once. So take your time and practice and see if you can find any HTMLi.
Till then take care and Happy Hacking!!!👋👋