Html Injection
HTML Injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS vulnerability the attacker can inject and execute Javascript code, the HTML injection attack only allows the injection of certain HTML tags. When an application does not properly handle user supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own content into the page.
Exploitation
The webapp takes in user’s firstname and lastname and then displays a welcoming message.
Let’s supply our firstname and lastname as firstname: html, lastname: exploit .
We got a text saying welcome html exploit. Since it was reflecting our input back, it might be vulnerable to html injection if it does’nt sanitize user’s inputs. We can further inspect the page.
We will inject html button in the firstname field and html link in the lastname field and see whether they will be displayed on the page. Our inputs will be something like <button>Click</button> for the firstname field and <a href=#>Here</a> for the lastname field.
As you can see, the button and link appeared on the page.
Mitigations
- Filter metacharacters from user input.