Scribd
Upload
9 views6 pages

HTML Injection

HTML injection is a security vulnerability that allows attackers to insert untrusted data into web pages, potentially leading to malicious script execution, web page defacement, or sensitive information theft. The document outlines steps to reproduce the vulnerability and highlights the impact of HTML injection on website integrity and user trust. Proper input validation and sanitization are essential to prevent such attacks and enhance web application security.

Uploaded by

demotest702
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views6 pages

HTML Injection

HTML injection is a security vulnerability that allows attackers to insert untrusted data into web pages, potentially leading to malicious script execution, web page defacement, or sensitive information theft. The document outlines steps to reproduce the vulnerability and highlights the impact of HTML injection on website integrity and user trust. Proper input validation and sanitization are essential to prevent such attacks and enhance web application security.

Uploaded by

demotest702
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

HTML Injection

Summary:
HTML injection is a security vulnerability where untrusted data is inserted into a web page, and
it is then interpreted as HTML code by the browser. This can lead to various risks, including the
execution of malicious scripts, defacement of web pages, or stealing sensitive information. In
simple terms, HTML injection occurs when an attacker is able to manipulate the content of a
web page by injecting unauthorized HTML code. Implementing proper input validation and
sanitization is crucial to prevent HTML injection and enhance the security of web applications.or
scripting languages.

Link: https://e-learning.wildix.com/welcome/learn

Steps to Reproduce:
• Navigate to URL https://e-learning.wildix.com/welcome/learn & Login with any
account
• Click on Any Course/blog

• Click on Enroll

• Now click on Comments


• Enter the Random Comment & Send it to Repeater

• Now enter the Below payloads & click on send

<img src=https://static1.makeuseofimages.com/wordpress/wp-content/uploads/2023/03/blurred-
image.jpg><h3>Please login to unlock image Content</h3><a href=https://evil.com>click here
login..</a>

• Turn off the intercept & click on Reload


• HTML tags Reflected Successfully
• Click on click here to login

• Redirected to Evil.com and there is no External Warning to while Redirecting


• Now navigate to URL https://e-learning.wildix.com/welcome/learn in Another Browser
& login with victim Account
• Click on Article that we choose to exploit html Injection
• Click on enroll & click on Comments

• HTML injected to Public post & visible to all the member, Attacker can trick other users
to gain unauthorized Access

Impact:
HTML injection allows attackers to insert unauthorized code into web pages, leading to potential
consequences such as website defacement, unauthorized access to sensitive information, or the
execution of malicious scripts on users' browsers. This can compromise the integrity of web
content, harm user trust, and expose individuals to security risks. Preventing HTML injection is
crucial to maintain the security and reliability of websites.

You might also like