HTML injection is a type of injection vulnerability that occurs when a user controls an input point and can inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, such as disclosure of a user’s session cookies, which could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
This vulnerability occurs when user input is not correctly sanitized and the output is not encoded. An injection allows the attacker to deliver a malicious HTML page to a victim. The targeted browser has no way to distinguish the legitimate parts of the page from the injected parts, so it parses and renders the whole page in the victim’s context.
Upon selecting the vulnerability, “HTML Injection — Reflected (URL)”, you will be provided with the following page which reflects the current page URL to the user.
Let’s fire up Burp Suite and intercept the traffic to see what is going on here.
First, let’s append something to the end of the URL and check whether it is reflected to us.
After hitting the Forward button in Burp Suite, we can see that the reflected URL has changed.
Now it is time to perform the HTML injection attack. We can try appending something to the end of the URL again, but this time with some HTML tags.
After hitting the Forward button, we can see that the attacker is able to inject arbitrary HTML code into the vulnerable web page: the tags are reflected unencoded and rendered by the browser.
You can test this attack further with different HTML tags of your choice.
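The root cause of this exercise is output that is reflected without encoding. The following is an added illustration, not bWAPP's own (PHP) code: a minimal Python model of the vulnerable reflection beside the hardened version, using a constructed request URL that carries a harmless `<b>` tag. The function names, the sample URL, and the `contains_raw_tag` check are assumptions made for this example.

```python
"""Added example (not from the original post or from bWAPP): reflecting the
current request URL into an HTML page without encoding, and the fixed version
that applies context-appropriate output encoding."""
import html
from urllib.parse import urlsplit, urlunsplit, quote

# Constructed sample request URL: the path ends with a harmless HTML tag, the
# same way the walkthrough appends tags to the page URL.
SAMPLE_REQUEST_URL = "http://localhost/bWAPP/htmli_current_url.php/<b>test</b>"


def render_vulnerable(request_url: str) -> str:
    """'Before' version: the raw URL is concatenated into the HTML body.
    Any '<' or '>' in the URL becomes real markup in the victim's browser."""
    return f"<p>Your current URL: <i>{request_url}</i></p>"


def render_hardened(request_url: str) -> str:
    """'After' version for an HTML text context: '<', '>', '&', '"' and "'"
    are turned into entities, so the browser shows the tag as literal text."""
    return f"<p>Your current URL: <i>{html.escape(request_url, quote=True)}</i></p>"


def render_hardened_attr(request_url: str) -> str:
    """'After' version for an attribute (href) context. Encoding must match
    the context: percent-encode the URL components first, then HTML-encode
    the attribute value. Scheme and host are kept as-is here (assumption:
    they come from the server's own configuration, not from the request)."""
    parts = urlsplit(request_url)
    safe_path = quote(parts.path, safe="/")
    safe_query = quote(parts.query, safe="=&")
    clean = urlunsplit((parts.scheme, parts.netloc, safe_path, safe_query, ""))
    return f'<a href="{html.escape(clean, quote=True)}">current page</a>'


def contains_raw_tag(rendered: str, injected: str) -> bool:
    """Regression check a defender can keep in a test suite: does the injected
    markup appear unencoded anywhere in the rendered output?"""
    return injected in rendered


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable),
                     ("hardened text", render_hardened),
                     ("hardened href", render_hardened_attr)):
        out = fn(SAMPLE_REQUEST_URL)
        leaked = contains_raw_tag(out, "<b>test</b>")
        print(f"{name:14s} raw tag reflected: {leaked}\n  {out}")
```

The text-context fix is the one that applies to this exercise; the attribute-context variant is included because the same reflected value is often also placed in a link, and HTML-encoding alone is not the right encoding there. The `contains_raw_tag` check is the kind of assertion worth adding to a regression test once the reflection is fixed.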
Your thoughts and comments are welcome. Connect with me on LinkedIn.