In this post I will be sharing one of my most interesting findings.
I found that on target.com an input area (in my case the notes area of a web app) whose value gets stored is vulnerable to HTML injection.
I validated this with a simple payload:
<h1>test</h1> Here it gets stored.
I tried to escalate it to stored XSS but failed to do so.
URL Redirection
As we know, HTML injection has a very low impact. To make it more impactful and increase the severity, I used the following payload.
<meta http-equiv = "refresh" content = "2; url = http://evil.com" />
This means the page will automatically redirect to evil.com after 2 seconds (this can be set to any time). Since the payload is now stored, whenever a victim is on the page it will auto-redirect each time without any interaction from the victim, such as clicking.
Note that this payload doesn't show anything on the webpage, such as the URL; it is hidden. This gives the victim no hint that anything on the webpage is malicious.
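For the defending side, here is an added example (not code from target.com or from this write-up) that audits stored note values for the meta refresh redirect described above and shows the output-encoding fix. The function names and the sample rows are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# content="<delay>; url=<target>" as browsers accept it, tolerating extra spaces
_REFRESH = re.compile(r"^\s*(\d+)\s*[;,]\s*(?:url\s*=\s*)?(\S.*?)\s*$", re.I)


class _MetaRefreshFinder(HTMLParser):
    """Collects (delay_seconds, target_url) for each <meta http-equiv=refresh>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):  # also called for self-closing tags
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _REFRESH.match(a.get("content", ""))
        if m:
            self.hits.append((int(m.group(1)), m.group(2).strip("'\"")))


def find_meta_refresh(stored_value):
    """Audit check: redirects hidden in a value that was stored unescaped."""
    finder = _MetaRefreshFinder()
    finder.feed(stored_value)
    finder.close()
    return finder.hits


def render_note(stored_value):
    """Fix: HTML-encode the note at output so markup is displayed as text."""
    return html.escape(stored_value, quote=True)


# Constructed sample rows standing in for the stored notes field.
SAMPLE_NOTES = {
    1: "buy milk",
    2: "<h1>test</h1>",
    3: '<meta http-equiv = "refresh" content = "2; url = http://evil.com" />',
}

if __name__ == "__main__":
    for note_id, value in SAMPLE_NOTES.items():
        print(note_id, find_meta_refresh(value), render_note(value))
```

Because the meta tag renders nothing visible, scanning the stored values this way finds records that a visual review of the page would miss.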
NOTE: Can’t attach images due to privacy reasons.
Connect on LinkedIn: https://www.linkedin.com/in/muhammad-abdullah-32a753208/