.png)
3 years ago
138 BOOK THIS SPACE FOR AD
ARTICLE AD
HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims. Reflected GET attack scenario in which the input is sent in the URL, not the body.
Reflected GET Injection: occurs, when our input is being displayed (reflected) on the website. Suppose, we have a simple page with a search form, which is vulnerable to this attack. Then if we would type any HTML code, it will appear on our website and at the same time, it will be injected into the HTML document.
Security level: low
In the above picture we try to inject a html tag <script>alert(‘test’);</script> in the last name input field.
In this image from the burp suite, we can see the intercepted get request in which the Lastname parameter holds of the Html code we injected.
In this image we can see the <script> tag we injected is executed by the browser.%3Cscript%3Ealert%28%27test%27%29%3B%3C%2Fscript%3E is a encoded form of <script>alert(‘test’);</script>
Bengali (Bangladesh) · 
English (United States) ·