Hidden HTML Tag: How they Can Lead to A Severe Vulnerability

Hi there

So this post is about how the hidden html tags can lead to a severe vulnerability.

What are Hidden HTML tags ?

The basic syntax of defining a hidden html tag is <input type="hidden" name="any_name" value="value">

this is highly used by the developers to define the CSRF token in the forms. However sometimes hidden HTML tag can lead to a severe vulnerability.

How this can lead to a Severe vulnerability ?

Some days ago I was testing for vulnerabilities in a website. On this website we can upload Images and then we can share them with other or we can make our private album.
So they also have paid plan which gives more storage.

I checked there plans there is a plan of 18Euro per year. they are also providing Paypal to pay.
However the price of the subscription was introduced in the hidden html tags. so this catches my attention.

You can use two methods for exploiting this

1. You can use Chrome developers tools open the inspect element there will a line of code like this
<input type="hidden" value="18" name="a3"> what you have to do just change the value to any of your desireda like 1 or anything you want.

2. You can use burp intercept the request and change the value of a3 and forward the request. and It will be done.

So what the conclusion is you have dont have to define the price in the hidden html tag and you do this then you have to apply some other restrictions like matching the price when the payment is made etc.


Thats all for this post 
Suggestion are welcome 


Thanks 
Jitendra Santram Singh (Team Computer Korner ) 



Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!