We all learnt HTML in our school and college days. Because it is very easy to learn, most of us have a good command of it. It is mostly used for making websites, but one can also use it to do bad deeds like defacing websites, stealing user credentials or more.
What is HTML Injection?
HTML injection is a type of attack where a user finds an injection point, inputs malicious HTML code into it, and then forwards that URL to the victim via email or social media platforms.
What are Injection Points?
Various sites have registration forms, search bars or comment sections. These are perfect places to test HTML injection. You can also put HTML directly into the search box, for example when you see variables like search="abc", lang="abc" or time="abc": each abc can be replaced by HTML code.
How to test against them?
The basic HTML code is <h1>abc</h1>.
If this abc is rendered big and bold, you are set to go. Then you can move forward by being creative, like using inline CSS styles or iframe tags. You can also set up fake Gmail, Facebook or Twitter pages to get their passwords. 😉 But it should be used for good purposes, and if you find it, report it and be responsible.
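The <h1>abc</h1> check above seen from the defender's side, as an added example that is not part of the original post: a page that reflects a search parameter unchanged, the same page with output encoding, and a regression check that fails when the probe comes back as raw markup. The function names and the sample URL are constructed for illustration.

```javascript
// Added example (Node.js); function names and SAMPLE_URL are constructed.

// Encode the characters that let user text turn into markup or
// break out of a quoted attribute value.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Read the reflected parameter the way a server-side handler would
// (the value arrives URL-decoded).
function searchParam(url) {
  return new URL(url).searchParams.get('search') ?? '';
}

// "Before": the value is copied into the page unchanged, so the
// browser parses whatever tags it contains.
function renderVulnerable(query) {
  return `<p>Results for: ${query}</p>` +
         `<input name="search" value="${query}">`;
}

// "After": the value is encoded at output time, in both the element
// body and the quoted attribute, so it is displayed as plain text.
function renderEscaped(query) {
  const safe = escapeHtml(query);
  return `<p>Results for: ${safe}</p>` +
         `<input name="search" value="${safe}">`;
}

// Regression check for a test suite: true means the renderer echoed
// the probe back as live markup and needs fixing.
function reflectsRawMarkup(render, probe = '<h1>abc</h1>') {
  return render(probe).includes(probe);
}

// Constructed sample request carrying the probe from the text.
const SAMPLE_URL = 'https://shop.example/find?search=%3Ch1%3Eabc%3C%2Fh1%3E';
console.log(renderVulnerable(searchParam(SAMPLE_URL)));
console.log(renderEscaped(searchParam(SAMPLE_URL)));
```

Running `reflectsRawMarkup` against every template that prints request data catches a missed encoding before the page ships.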
Where to practice HTML Injection?
A good site is https://xss-quiz.int21h.jp/. This site is meant for XSS attacks, but you can also use it to perform HTML injection attacks. There are many offline options like
Use it responsibly and stay tuned for more content on ethical hacking.