SQL INJECTION is something I'm sure you have heard of for a long time, but HTML INJECTION is less well known, and it is no less dangerous than SQL INJECTION. So, in this article, we will learn what HTML INJECTION is and how it is used to attack.
Some people joke about using HTML to hack NASA, but what you may not know is that, by taking advantage of a hole in a site's PHP configuration, we can hack a website with HTML in a simple way.
What is HTML Injection?
HTML injection is a web application vulnerability that lets an attacker embed their own HTML code into a web page: user input is placed into the page without being escaped, so any markup it contains is rendered by the browser.
Let’s take a practical example:
The website shown above has a search feature. Try searching for something.
As you can see, I searched for "Faiyaz" and got this result: "Faiyaz" is reflected on the page. To confirm that the search term really is being echoed back, search for "anything" on the website.
So I guessed right: whatever we type in the search field is displayed on the web page. Now, what if I type the following into the search field?
<b>Faiyaz</b>
As we can see, the word "Faiyaz" is now bold. That confirms the HTML code, i.e. <b>Faiyaz</b>, was rendered by the site rather than shown as text. You can continue to try other HTML on the site http://testphp.vulnweb.com.
How to find HTML Injection errors
You can insert HTML code anywhere in a web application that accepts user input and reflects it onto the page. That can be:
- Input fields (like the example above)
- GET parameters (like https://example.com/?id=Hi)
- HTTP headers (like X-Forwarded-Host: Hey, when the header value is reflected into the page)
- POST parameters (like username, password, etc.)
HTML Injection in practice
This is a story from when I was hunting on a private program about 2 months ago. The site has 2 functions:
- Login
- Signup
I searched through these two functions for about 4 hours and got nothing. Then, after resting for a day, I started hunting again. This time I started looking for HTML Injection vulnerabilities, so I tried re-registering on the site and noticed a few things:
- The registration function requires an email address, username and password.
- When I click register after filling in those details, a confirmation email is sent to the email account.
- Inside that email there is content like this:
“Hey Faiyaz, Please verify your account here: https://verificationlink.com/”
And here "Faiyaz" is the username that I entered when I registered on the website.
Realizing this, I signed up again but this time I provided the username as:
<h1>Hacked</h1>
And surprisingly, I got the result as shown below:
As you can see, our HTML tag has been rendered successfully. I reported this bug to the company and they responded within a week.
Article translated from the author Faiyaz.
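An added example, not from the article or from the sites it mentions: a Python sketch of the two sinks the article describes, the search page and the signup email, each beside an escaped version, plus a function that automates the by-hand reflection check from the search example. The templates and function names are constructed for illustration.

```python
import html
from string import Template

# Constructed templates standing in for the search page and the signup email
# (assumptions for this example; not the real sites' code).
SEARCH_TEMPLATE = Template("<p>You searched for: $term</p>")
EMAIL_TEMPLATE = Template("<p>Hey $name, please verify your account here: "
                          '<a href="$link">$link</a></p>')


def render_search_vulnerable(term: str) -> str:
    """Reflects the raw search term into the page: the HTML injection sink
    the article found on the search form."""
    return SEARCH_TEMPLATE.substitute(term=term)


def render_search_safe(term: str) -> str:
    """Same page, but the term is HTML-escaped first, so any tags in the
    input are shown as literal text instead of being rendered."""
    return SEARCH_TEMPLATE.substitute(term=html.escape(term, quote=True))


def render_verification_email(username: str, link: str) -> str:
    """Hardened version of the signup email: the username is escaped before
    it is placed into the HTML body, so a name like <h1>Hacked</h1> cannot
    change the email's markup."""
    return EMAIL_TEMPLATE.substitute(name=html.escape(username, quote=True),
                                     link=html.escape(link, quote=True))


def reflects_markup(render, marker: str = "<b>probe</b>") -> bool:
    """Automates the check the article does by hand: does the output contain
    the marker's tags verbatim? True means input is reflected unescaped."""
    return marker in render(marker)


if __name__ == "__main__":
    payload = "<b>Faiyaz</b>"
    print(render_search_vulnerable(payload))   # tags reach the browser
    print(render_search_safe(payload))         # tags become &lt;b&gt;...&lt;/b&gt;
    print(render_verification_email("<h1>Hacked</h1>",
                                    "https://verificationlink.com/"))
    for fn in (render_search_vulnerable, render_search_safe):
        print(fn.__name__, "reflects markup:", reflects_markup(fn))
```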