[HTML INJECTION]
GENERAL INFORMATION
DESCRIPTION: HTML injection allows an attacker to inject malicious HTML code through a vulnerable web app, which can lead to modifications of the website’s design and of the information displayed to the victim.

::: COMMON ATTEMPTS
C1 >> Normal test: <h1>EXPLOIT</h1>
1. Sometimes the application filters HTML tags as a security mitigation; in that case, attempt to double URL encode the HTML tags.
2. Either can be tested using GET or POST. [Differences will be reflected in the URL when sending.]

::: URL REFLECTED
1. Sometimes, it can be changed using the IP address. That is a finding or anything, it will look for the header, not for the content.
2. Sometimes, document.write(document.URL) can be used to modify the URL. It just needs to be invoked from the browser or using Burp Suite. The result is the same: the reflection will be in the browser.
SAMPLE: <script>document.write(document.URL)</script>

::: STORED HTML >> RETRIEVE ROBOTS.TXT FILE ON AN IFRAME.
C1: <iframe src="robots.txt" height="200" width="300"></iframe>
NOTE: An iframe can be used to invoke other sites, files and more. The "src" parameter helps to retrieve external content.
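
The double URL-encoding note under COMMON ATTEMPTS, as an added example that is not part of the original notes: a tag filter that runs before a second decode misses the test string, while escaping at the point of output neutralises it however many times it was encoded. The function names and the two-layer decode pipeline are assumptions made for illustration.

```javascript
// Added example: constructed handlers and inputs, not from a real application.

// Decode one layer of URL encoding; malformed input (e.g. "100%") is kept as-is.
function decodeOnce(value) {
  try {
    return decodeURIComponent(value);
  } catch (e) {
    return value;
  }
}

// Weak mitigation: strip anything that looks like an HTML tag.
function naiveTagFilter(value) {
  return value.replace(/<[^>]*>/g, "");
}

// Vulnerable order: filter early, decode again afterwards, write out unescaped.
function renderVulnerable(rawQueryValue) {
  const fromFramework = decodeOnce(rawQueryValue);  // first decode (web framework)
  const filtered = naiveTagFilter(fromFramework);   // sees %3Ch1%3E..., finds no tags
  const fromLaterLayer = decodeOnce(filtered);      // second decode (assumed later layer)
  return "<p>Hello " + fromLaterLayer + "</p>";
}

// Output encoding: escape the HTML-significant characters at the sink.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened order: same decoding as above, but encode last, at the point of output.
function renderHardened(rawQueryValue) {
  const value = decodeOnce(decodeOnce(rawQueryValue));
  return "<p>Hello " + escapeHtml(value) + "</p>";
}

// Constructed inputs: the page's <h1>EXPLOIT</h1> test, encoded once and twice.
const SINGLE_ENCODED = encodeURIComponent("<h1>EXPLOIT</h1>");
const DOUBLE_ENCODED = encodeURIComponent(SINGLE_ENCODED);

console.log(renderVulnerable(SINGLE_ENCODED)); // filter removes the tags
console.log(renderVulnerable(DOUBLE_ENCODED)); // tags survive the filter
console.log(renderHardened(DOUBLE_ENCODED));   // tags rendered as inert text
```

The same `escapeHtml` call also turns the stored iframe string from the STORED HTML section into plain text, because the angle brackets and the quotes around `src` are encoded.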
©® - 2023/2024.