HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page.
This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
In the blank fields enter your name, and click on go.
Now if you focus the name we put is now showing in the URL
Because this application is vulnerable to HTML injection we can inject HTML <h1> tag which will reflect our name. and if we want we can even inject any URL, by clicking the user will be redirected to that site.
Now if the user will click on teck then he will be redirect to google.com .
You can also inject the HTML tags like this
Twitter / Hack The Box / CTF Team / Teck_N00bs Community Telegram
Comments