• Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
AnonyViet - English Version
  • Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
No Result
View All Result
  • Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
No Result
View All Result
AnonyViet - English Version
No Result
View All Result

How to use HTML to Hack Website – HTML INJECTION

AnonyViet by AnonyViet
January 24, 2023
in Security
0

SQL INJECTION I’m sure you’ve heard it for a long time, but HTML INJECTION is less well known. But it is no less dangerous than SQL INJECTION. So, in this article, we will learn what HTML INJECTION is and how to use it to attack.

Join the channel Telegram of the AnonyViet 👉 Link 👈

There are some people who often joke about using HTML to hack NASA, but you may not know, taking advantage of a hole in the PHP configuration, we can Hack Website with HTML in a simple way.

How to attack HTML INJECTION - Bug Bounty 2022

What is HTML Injection?

HTML injection is a web application vulnerability that allows any attacker to embed their own html code into a web page. In a word, it can be used by any attacker to add their own html code inside a web page.

Let’s take a practical example:

How to use HTML to Hack Website - HTML INJECTION 8

In the website above, you can see that it has a search feature. Try searching for something.

How to Use HTML to Hack Websites - HTML INJECTION 9

As you can see, I tried searching for “Faiyaz” and got this result. We can see that “Faiyaz” is mapping on the website. By analyzing this, we can conclude that “Faiyaz” is showing up in the website. To confirm this, search for “anything” on the website.

How to Use HTML to Hack Websites - HTML INJECTION 10

So I guessed right. Now we have made sure that whatever we type in the search field, will be displayed on the web page. Now, what if I type

Faiyaz

into the search field.

How to use HTML to Hack Website - HTML INJECTION 11

As we can see, the words “Faiyaz” are bold. It confirms that the html code i.e. Faiyaz has been displayed on the website successfully. You can continue to try other html codes on the site http://testphp.vulnweb.com.

How to find HTML Injection errors

You can insert HTML code anywhere on the web application as long as it accepts any user input and maps it onto the web page. It can be in:

  • Input fields (Like the example above)
  • Get parameter (Like https://example.com/?id=Hi)
  • Title (Like X-Forwarded-Host:

    Hey

    )

  • POST Parameters (Like username, password, etc.)

HTML Injection in practice

This is the story when I was searching on a private program about 2 months ago. The site has 2 functions:

  1. Login
  2. Signup

I started searching for these two functions for about 4 hours and got nothing. Then after resting for a day, I started hunting again. This time I started looking for HTML Injection vulnerabilities. So I tried to re-register on the site and noticed a few things:

  • The registration function requires an email address, username and password.
  • When I click register after filling those details. A confirmation email will be sent to your email account.
  • Inside that email there is a content like this

“Hey Faiyaz, Please verify your account here: https://verificationlink.com/”

And here “Faiyaz” is the username that I entered when I registered to the website.

Realizing this, I signed up again but this time I provided the username as:

<h1>Hacked</h1>

And surprisingly, I got the result as shown below:How to use HTML to Hack Website - HTML INJECTION 12

As you can see, our html tag has been displayed successfully. I reported this bug to the company and they responded to it within a week. Article translated from the author Faiyaz.

The article achieved: 5/5 – (100 votes)

Tags: HackHTMLInjectionWebsite
Previous Post

Chapter 3: Strings – Python Basics

Next Post

How to explore the world of the Dark Web

AnonyViet

AnonyViet

Related Posts

How to use hackers use Splitfus to execute PowerShell malicious code
Security

How to use hackers use Splitfus to execute PowerShell malicious code

July 20, 2025
How to implement Shellcode Injection attack technique with Autoit
Security

How to implement Shellcode Injection attack technique with Autoit

March 14, 2025
How to exploit the holy hole of Hijacking on Windows
Security

How to exploit the holy hole of Hijacking on Windows

March 8, 2025
Hamamal: Shellcode execution technique from afar to overcome Antivirus's discovery
Security

Hamamal: Shellcode execution technique from afar to overcome Antivirus's discovery

February 10, 2025
Snov.io Email Finder: Search emails with only company name/domain name/LinkedIn profile
Security

Snov.io Email Finder: Search emails with only company name/domain name/LinkedIn profile

December 14, 2024
Capsolver: Automatic solution solution for business
Security

Capsolver: Automatic solution solution for business

December 12, 2024
Next Post
How to explore the world of the Dark Web

How to explore the world of the Dark Web

0 0 votes
Article Rating
Subscribe
Login
Notify of
guest

guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Recent News

How to go for free Metro on National Day 2/9

How to go for free Metro on National Day 2/9

August 30, 2025
Instructions on how to use Live Activities on MacOS 26

Instructions on how to use Live Activities on MacOS 26

August 30, 2025
Download Vietnamese Autoit self -study curriculum for the beginning

Download Vietnamese Autoit self -study curriculum for the beginning

August 29, 2025
How to view more time zones on Mac with multitimeinmenubar

How to view more time zones on Mac with multitimeinmenubar

August 29, 2025
How to go for free Metro on National Day 2/9

How to go for free Metro on National Day 2/9

August 30, 2025
Instructions on how to use Live Activities on MacOS 26

Instructions on how to use Live Activities on MacOS 26

August 30, 2025
Download Vietnamese Autoit self -study curriculum for the beginning

Download Vietnamese Autoit self -study curriculum for the beginning

August 29, 2025
AnonyViet - English Version

AnonyViet

AnonyViet is a website share knowledge that you have never learned in school!

We are ready to welcome your comments, as well as your articles sent to AnonyViet.

Follow Us

Contact:

Email: anonyviet.com[@]gmail.com

Main Website: https://anonyviet.com

Recent News

How to go for free Metro on National Day 2/9

How to go for free Metro on National Day 2/9

August 30, 2025
Instructions on how to use Live Activities on MacOS 26

Instructions on how to use Live Activities on MacOS 26

August 30, 2025
  • Home
  • Home 2
  • Home 3
  • Home 4
  • Home 5
  • Home 6
  • Next Dest Page
  • Sample Page

©2024 AnonyVietFor Knowledge kqxs hôm nay xem phim miễn phí mm88 8XBET mm88 trang chủ new88

No Result
View All Result
  • Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office

©2024 AnonyVietFor Knowledge kqxs hôm nay xem phim miễn phí mm88 8XBET mm88 trang chủ new88

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply