HTML INJECTION IS TOO EASY VULNERABILITY
Hello infosec learner I’m Aniket and I’m Information Technology Officer in 5F ECO FOUNDATION OF INDIA. In this article, I explain to you my easiest finding known as HTML INJECTION. In Simple Word, an attacker is able to inject arbitrary Html code into a vulnerable web page through vulnerable input thats all. I hope you little bit understood about Html injection basically is similar to Cross-site scripting if you know about this then I extremely sure that you easily understand about HTML injection also. Now I was testing on a private program,So I’m not eligible to tell you about the details of a program, So for this, we called it private.com. Now First I started to get some subdomains, for this is I used my own script. I tell you about this an a upcoming article’s that how my script will give you boast power to build a career in InfoSecurity. After some time I see a unique subdomain for that time I feel shall I release my cyber-Jutsu on that sub-domain? Neither do I’m not wasting my time and start testing on it.
we directly jump on Html injection that is how I found it. So I see some creepy functions when I create my account after doing all the formality then entered name was reflected on the verification page. So I enter some XSS payload on that first name and also last name parameter but I can’t achieve anything, because that application blocks me when I enter some unwanted thing’s forever I go back and that time I enter <h1>Aniket</h1 on name input, So that time application doesn’t block me but it encodes my payload that was not good for me, after some time My nine tail beast tell me that application sends you verification mail, On that mail, it also adds your name that you entered, So if application vulnerable is also execute your payload successfully, then I check received mail from private.com.YEPP boom it will work. SEE
then I report immediately but I can’t get any response from the team However I believe that one day I become a Hokage of my report
When did you see that your chakra doesn’t flow in your body because your mind gives a question that what is the impact of a vulnerability? Answer:- Attacker easily executes successfully phishing attack on the behave of the vulnerable domain.
So, That was a happy ending but that was not my last one on that program because I find lots of vulnerability in that private program So I tell in the future. Now I leave this Thank you soo much for reading this……………………..
Please help our environment with the 5F Eco foundation of India
We can sit back, do nothing and watch our planet be destroyed. Or we can take action, become advocates, and start making lifestyle choices that are kinder to people and the planet
If Someone is interested to help our environment with the 5f eco foundation then Contact him
Linkedin:
https://www.linkedin.com/in/5f-eco-foundation-of-india-766674214/?originalSubdomain=in
Facebook:
https://m.facebook.com/5fecofoundationofindia/
Instagram:
https://www.instagram.com/5fecofoundationofindia/
Twitter:
https://twitter.com/5fecofoundation
Website:
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
And,
For contacting me please follow me on Linkedin: