HTML Injection Introduction


What is HTML injection?

As you know, HTML is used to design web pages. But what happens if a developer forgets to sanitize user input, or never considers how an attacker might use the application? HTML injection needs no toolkit: the attacker submits HTML markup where the application expects plain data, and the application writes it back into the page without encoding it. With that you can deface the site, redirect legitimate users to a malicious site through an injected link or form, or replace content and images with your own. To exploit it you only need HTML basics. HTML injection is closely related to XSS; the difference is that HTML injection uses plain HTML tags (headings, links, images, forms), whereas XSS injects a script tag or an event handler carrying JavaScript. The root cause is the same in both cases, untrusted input written into the page without output encoding, and the same fix (encoding <, >, &, and quotes before output) closes both.

There are a few types of HTML injection. You can see them in the bWAPP application we installed earlier. Don't worry, we will do a few exercises in a moment.

HTML Injection is categorized into four types:

1. Reflected – GET: the payload travels in the query string and is echoed back in the response.
2. Reflected – POST: the payload travels in the request body (a form field) and is echoed back.
3. Reflected – URL: the page writes the current request URL into its own markup, so the payload is placed in the URL itself.
4. Stored: the payload is saved server-side (a comment, a profile field) and served to every later visitor.
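The reflected and stored cases above come down to the same mistake: user input concatenated into markup. The following is an added example, not code from bWAPP or from this post, that models a reflected "welcome" page and a stored guestbook with the vulnerable and hardened renderers side by side. The field names `firstname`/`lastname`, the guestbook, the payload and the URL `attacker.example` are all constructed for the illustration.

```javascript
// Added example (not bWAPP's own code): reflected and stored HTML injection,
// vulnerable renderer beside the hardened one. No network; requests are
// constructed inline.

// Encode the five characters that let input break out of an HTML text context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Reflected case, vulnerable: the parameters land in the page as-is.
function renderVulnerable(params) {
  return `<p>Welcome ${params.firstname} ${params.lastname}</p>`;
}

// Reflected case, hardened: every untrusted value is escaped first.
function renderHardened(params) {
  return `<p>Welcome ${escapeHtml(params.firstname)} ${escapeHtml(params.lastname)}</p>`;
}

// Stored case: entries are kept server-side and shown to every later visitor.
const guestbook = [];
function storeEntry(text) {
  guestbook.push(text);
}
function renderGuestbookVulnerable() {
  return guestbook.map((e) => `<li>${e}</li>`).join("");
}
function renderGuestbookHardened() {
  return guestbook.map((e) => `<li>${escapeHtml(e)}</li>`).join("");
}

// Crude detector: does the rendered HTML contain any tag the template itself
// did not emit? Good enough to show the difference between the two renderers.
function containsInjectedTag(html, allowedTags) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) =>
    m[1].toLowerCase()
  );
  return tags.some((t) => !allowedTags.includes(t));
}

// Constructed payload: what a tester would type into the "first name" field.
// attacker.example is a placeholder, not a real host.
const payload =
  '<h1>Defaced</h1><a href="http://attacker.example/">Log in here</a>';
const req = { firstname: payload, lastname: "Smith" };

console.log("reflected, vulnerable:", renderVulnerable(req));
console.log("reflected, hardened:  ", renderHardened(req));
storeEntry(payload);
console.log("stored, vulnerable:   ", renderGuestbookVulnerable());
console.log("stored, hardened:     ", renderGuestbookHardened());
```

The injected `<h1>` and `<a>` survive in the vulnerable output and render as real elements for the victim; in the hardened output they appear as literal text (`&lt;h1&gt;`), which is exactly what the bWAPP "high" security level does.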

Before that, I would suggest getting familiar with the HTTP verbs, since the reflected variants differ only in where the injected input arrives (query string, request body, or the URL itself). Without the HTTP basics this won't be much fun; see the earlier article on basic concepts.
I'll try to keep this as interesting as I can. We will do a few hands-on exercises in the next articles. Be ready: launch the bee-box VM in VMware and log in to bWAPP. With bWAPP you can practise all of the OWASP Top 10 vulnerabilities. If you think I missed anything, please post a comment below.

DISCLAIMER : THE INFORMATION PUBLISHED IN THIS ARTICLE IS FOR EDUCATIONAL PURPOSE ONLY. ANY MISUSE OF THIS INFORMATION WILL NOT BE THE RESPONSIBILITY OF THE AUTHOR OF THE WEBSITE. THIS IS JUST MY LEARNING EXPERIENCE AND EDUCATIONAL BLOG FOR PEOPLE WHO WOULD LEARN FROM MY EXPERIENCE