From W3schools
HTML is
the standard Hyper Text Markup Language which
use for designing Web pages
·
HTML describes
the structure of Web pages using markup.
·
HTML elements are
the building blocks of HTML pages.
·
HTML elements are
represented by tags.
·
HTML tags label
pieces of content such as "heading", "paragraph",
"table", and so on.
·
Browsers do not show
the HTML tags, but utilize them to submit the content of the page.
HTML Tags
HTML tags are element names surrounded by angle brackets. Their two types of tag starting also known as opening tag and end tag also known as closing tag.
HTML Elements
An HTML element usually consists of a start tag and end tag, with the content inserted in
between:
HTML Attributes
Attributes provide additional
information about HTML elements. Attributes generally come in form of name/value pairs
like: name="value"
Create web
page using html
Generally “Notepad” is use for writing HTML code and save
the text file with .html/.htm extension for example “test.html” then open the saved file using any web browser.
To create a simple web page type following code inside
notepad and save test.html
When you will open test.html
in web browser you will see given below image.
HTML injection is the vulnerability
inside any website that occurs when the
user input is not correctly sanitized and the output is not encoded and attacker is able to inject valid HTML code into a
vulnerable web page. There are so many techniques which could be use element
and attributes to submit HTML content.
If these methods are provided with an
untrusted input, then there is a high risk of XSS, specifically an HTML
injection one. If strings are not correctly sanitized the problem could lead to
XSS based HTML injection.
This vulnerability can have many
consequences, like disclosure of a user's session cookies that could be used to
impersonate the victim, or, more generally, it can allow the attacker to modify
the page content seen by the victims.
Their two type of html injection as
following:
·
Stored
HTML
·
Reflected
HTML
Stored HTML
A stored HTML also known as Persistence because through
this vulnerability the injected malicious script get permanently stored inside
the webserver and the application server give out it back to the user when he
visits the respective website. Hence when the client will click on payload
which appears as an official part of the website, the injected HTML code will
get execute by the browser. The most common example is comment option on blogs,
which allow the users to POST their comment for administer or other user.
Example:
An example of a web application vulnerable to stored
HTML injection which allow users to submit their entry in blog as shown in the
screenshot.
Firstly user “raj” had made a normal entry as attacker
which is successfully added in web server database.
Enter
following html code inside given text area for making HTML attack.
Above
HTML code will generate a payload to create
user login page on targeted web page
and forward that credential to attacker’s
IP.
You can
see given below login page look valid to user and get stored inside web server.
Now when victim will open the
malicious login page he will receive above web page which looks official to him
and he will submit his credential in that page. As he will do so the request
will be forward on attacker IP address.
nc -vlp 80
Attacker will receive users
credential as response on natcat. From screenshot you can read username=bee & password=bug
Now attacker will use these
credential for login.
Reflected HTML
The reflected HTML HTML is also known as Non
Persistence is occurs when the
web application respond immediately on user’s input without validating the
inputs this lead an attacker to injects browser executable code inside the
single HTML response. It’s named as “non-persistent” since the malicious script
does not get stored inside the web server, therefore attacker will send the
malicious link through phishing to trap the user.
The most common applying of this kind of vulnerability
is in Search engines in website: the attacker writes some arbitrary HTML code
in the search textbox and, if the website is vulnerable, the result page will
return the result of these HTML entities.
Example:
Following web page allow user to
submit his first and last name but these text field are vulnerable to HTML
injection.
Now type following html code in the
text field given for first name which create a link for hackingarticles.in when
you click on “RAJ”
Similarly type following
code in given text field for last name:
CHANDEL
Click on
Go tab to execute this as first and last name.
From given screenshot you can see it
has submitted RAJ CHANDEL and the word “RAJ” contains a link for hackingarticles.in, when you will click
on link it will forwarded to hackingarticles.in
0 comments:
Post a Comment