HTML Injection Step by Step for Beginners

Hello guys, I hope you are doing well and practising. In this post we will discuss HTML injection and why it is risky.

What is HTML injection?
HTML Injection (Hyper Text Markup Language Injection) is a vulnerability which allows an attacker to inject a malicious script via a specific parameter. HTML Injection is also referred to as virtual defacement of a web application.

The possible attack scenarios are described below.

  1. An attacker can find an HTML injection vulnerability and exploit it.
  2. An attacker can use the vulnerable website for phishing and send an email to the victim.
  3. The user visits the page because the domain is trustworthy and may enter a user ID and password, which are sent to the attacker's server.

So let's start.

  1. First, you need to find a website which is vulnerable to HTML injection. Here I am using the bWAPP lab.
  2. Here I have opened the page which is vulnerable to HTML injection. Just add your HTML code as shown below.

  3. As you can see, I added my simple <h1> ahmed </h1> code and submitted it, and the page rendered it.

  4. Now let's try some more HTML tags, such as bold, colour, background, etc.

In the image above, I have modified the page's look using some basic tags. You can also perform an XSS attack using HTML injection, as shown in the image below.

So let’s try to create a login form using this code.

<form action="" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Login"></form>

Make any page of your own, or add your deface page, then change this line of the code to your location.

<form action="" method="POST">


Just log in with any username and password and see what happens.

This page is shown after the victim logs in 🙁 and we have successfully obtained the ID and password.
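
Why the tags in the steps above were rendered, and how output encoding stops it, as an added example that is not part of the original post or of bWAPP's code. The template, the function names and the allowed-tag list are assumptions made for illustration; the two inputs are the heading and the form used in the post.

```python
import html
from html.parser import HTMLParser

# Hypothetical page template: the parameter value is reflected into the body.
TEMPLATE = "<html><body><p>Welcome {name}</p></body></html>"


def render_vulnerable(name: str) -> str:
    """Reflects the parameter as-is, so any tags in it become part of the page."""
    return TEMPLATE.format(name=name)


def render_encoded(name: str) -> str:
    """HTML-encodes the parameter first, so it is displayed as text only."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


class _TagCollector(HTMLParser):
    """Records every element the HTML parser actually recognises as a tag."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(page: str, allowed=("html", "body", "p")) -> list:
    """Returns tags present in the rendered page that the template never emits."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in allowed]


# Constructed inputs, taken from the tags used in the post.
HEADING = "<h1> ahmed </h1>"
FORM = ('<form action="" method="POST">Username: <input type="text" name="username"><br>'
        'Password: <input type="password" name="pass"><br>'
        '<input type="submit" value="Login"></form>')

if __name__ == "__main__":
    for value in (HEADING, FORM):
        print("unencoded:", unexpected_tags(render_vulnerable(value)))
        print("encoded:  ", unexpected_tags(render_encoded(value)))
```

The same `unexpected_tags` check can be used in a regression test for any page that reflects user input: an empty list means the input reached the browser as text, not as markup.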

Keep learning and injecting, but don't harm any site.

Author: Ahmed Raza Memon

I am a 17-year-old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer from India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application Security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many more...

