HTML-Injection
Last updated
Last updated
π What Is HTML Injection ?
π€ Why HTML Injection Happen ?
β Impact
π How To Find
π Referance
HTML injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS vulnerability the attacker can inject and execute Javascript code, the HTML injection attack only allows the injection of certain HTML tags.
HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page.
This vulnerability occurs when user input is not correctly sanitized and the output is not encoded.
For example, malicious HTML code can be injected via the innerHTML JavaScript method usually used to render user-inserted HTML code.
If strings are not correctly sanitized, the method can enable HTML injection. A JavaScript function that can be used for this purpose is document.write().
It can allow an attacker to modify the page.
To steal another personβs identity.
The attacker discovers an injection vulnerability and decides to use an HTML injection attack.
The attacker crafts malicious links, including his injected HTML content, and sends it to a user via email.
The attackerβs injected HTML is rendered and presented to the user asking for a username and password.
The user enters a username and password, which are both sent to the attackerβs server.
Like XSS and DOM-Based XSS check every endpoint or parameter that accepts your HTML tags or source code functions that render Html Content
βΆ You Can Know More about HTML