Learn HTML Injection: an attack tutorial for hacking websites, shown on a real website
Hey everyone, I hope you are all doing well. In this article, we are going to learn about HTML Injection, an attack used for hacking websites.
This article is divided into the following sections:
1- Introduction to HTML Injection.
2- Where to find HTML Injection?
3- HTML Injection in real life.
4- Prevention
So, let’s begin.
INTRODUCTION

HTML injection is a web application vulnerability that allows an attacker to embed their own HTML code in a webpage. In simple terms, an attacker can use it to add their own HTML inside a website's pages.
Let’s take a practical example

In the website above, you can see that it has a search feature. Let’s try to search for something.

As you can see, I tried to search for “Faiyaz” and got this webpage. We can see that “Faiyaz” is reflected on the webpage. By analyzing this, we can conclude that “Faiyaz” is rendered in the webpage. To confirm this, let’s search for “anything” on the webpage.

Great! We are now sure that whatever we type in the search field gets rendered on the webpage. Now, what will happen if we type some HTML code (<h1>Faiyaz</h1>) in the search field?

As we can see, the “Faiyaz” text is highlighted. This confirms that our code, i.e. <h1>Faiyaz</h1>, got rendered in the webpage successfully. Go ahead and play with this on http://testphp.vulnweb.com.
I hope you now understand HTML Injection. You can read about this vulnerability in more depth at https://www.acunetix.com/vulnerabilities/web/html-injection/
WHERE TO FIND HTML INJECTION FOR HACKING WEBSITES?
You can find HTML injection wherever the web application accepts user input and reflects it on the webpage. It can be in:
- Input fields (like the example above)
- GET parameters (like https://example.com/?id=<h1>Hi</h1>)
- Headers (like X-Forwarded-Host: <h1>Hey</h1>)
- POST parameters (like username, password, etc.)
etc.
HTML INJECTION IN REAL LIFE FOR HACKING WEBSITES
I started hunting on these two functionalities for about 4 hrs and got nothing. Then, after taking a break for a day, I started hunting again. This time I started looking for HTML Injection. So, I tried to register on the website again and noticed a few things:
- The signup functionality asks for an email address, username and password.
- When I click on signup after filling in those details, a confirmation email gets sent to my email account.
- That email contains something like this:
“Hey Faiyaz, Please verify your account here: https://verificationlink.com/”
And here “Faiyaz” is the username which I filled in while signing up to the website.
Noticing all this behavior, I tried to fill in the signup form again, but this time I provided the username below:
<h1>Hacked</h1>
And to my surprise, I got the result below:

As you can see, our tag got rendered successfully. I reported this bug to the company and they accepted it within a week.
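The root cause in the signup email above is that the username is placed into an HTML body without output encoding. The following is an added example, not code from the original article or from the affected site: it builds the same confirmation message with and without escaping, and adds an allow-list check at signup. The function names and the username policy are assumptions made for illustration.

```python
import html
import re

# Hypothetical signup policy (an assumption for this example): letters, digits,
# underscore, dot and hyphen, 3 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")

# Placeholder link as quoted in the email text in the article.
VERIFY_URL = "https://verificationlink.com/"


def is_valid_username(username: str) -> bool:
    """Allow-list check applied when the signup form is submitted."""
    return USERNAME_RE.fullmatch(username) is not None


def email_body_vulnerable(username: str) -> str:
    """The flaw described above: user input is concatenated into HTML as-is."""
    return (
        f"<p>Hey {username}, Please verify your account here: "
        f'<a href="{VERIFY_URL}">{VERIFY_URL}</a></p>'
    )


def email_body_escaped(username: str) -> str:
    """Output encoding: <, >, & and quotes become entities, so the mail
    client shows the username as text instead of parsing it as markup."""
    safe = html.escape(username, quote=True)
    return (
        f"<p>Hey {safe}, Please verify your account here: "
        f'<a href="{VERIFY_URL}">{VERIFY_URL}</a></p>'
    )


if __name__ == "__main__":
    # The two usernames used in the article.
    for name in ("Faiyaz", "<h1>Hacked</h1>"):
        print("valid username:", is_valid_username(name))
        print("vulnerable    :", email_body_vulnerable(name))
        print("escaped       :", email_body_escaped(name))
```

Escaping at the point of output is the primary fix; the allow-list only narrows what reaches the template and should not replace encoding.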
Check out this amazing article on hacking websites through file uploads: https://bepractical.tech/unrestricted-file-uploads/
So, that is it for this article. I hope you all learnt about HTML Injection. Let’s meet again in a new article. Till then,
