How to Use HTML to Hack Websites – HTML INJECTION


by admin
June 14, 2022
in Technology tips

Contents

  • 1. What is HTML Injection?
  • 2. How to find HTML Injection errors
  • 3. HTML Injection in practice

1. What is HTML Injection?

HTML injection is a web application vulnerability that allows an attacker to embed their own HTML code into a web page. It arises when the application places user-supplied input into a page without encoding it first.

Let’s take a practical example:

In the above website you can see that it has a search feature. Try searching for something.

As you can see, I tried searching for “Faiyaz” and got this result. We can see that “Faiyaz” is reflected on the web page. To confirm that the page echoes whatever is searched for, search for “anything” on the website.

So I guessed right. Now we have made sure that whatever we enter in the search field will be displayed on the web page. Now, what if I type <h1>Faiyaz</h1> into the search field?

As we can see, the word “Faiyaz” is bold. This confirms that the HTML code, i.e. <h1>Faiyaz</h1>, has been rendered by the website successfully. You can continue to try other HTML code on the site http://testphp.vulnweb.com.

2. How to find HTML Injection errors

HTML injection can occur anywhere the web application accepts user input and reflects it onto the web page. It can be in:

  • Input fields (like the example above)
  • GET parameters (like https://example.com/?id=Hi)
  • Headers (like X-Forwarded-Host: <h1>Hey</h1>)
  • POST parameters (like username, password, etc.)

3. HTML Injection in practice

This is the story of when I was searching on a private program about 2 months ago. The website has 2 functions:

  • Login
  • Signup

I started searching for these two functions for about 4 hours and got nothing. Then after resting for a day, I started hunting again. This time I started looking for HTML Injection vulnerabilities. So I tried to re-register on the site and noticed a few things:

The registration function requires an email address, username and password.
When I clicked register after filling in those details, a confirmation email was sent to my email account.
Inside that email there was something like this:
“Hey Faiyaz, Please verify your account here: https://verificationlink.com/”

And here “Faiyaz” is the username that I entered when registering on the website.

Realizing this, I signed up again but this time I provided a username of:

<h1>Hacked</h1>

And surprisingly, I got the result as shown below:
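The fix for both the reflected search term in section 1 and the username in the confirmation email above is to encode user input for the HTML context before it reaches the template. The following is an added example, not code from the original post or from the affected site; the template text, function names and username policy are assumptions made for illustration.

```python
import html
import re
from string import Template

# Constructed templates for the two sinks on this page: a search results page
# and an HTML verification e-mail. All names here are hypothetical.
SEARCH_TMPL = Template("<p>Results for: $term</p>")
EMAIL_TMPL = Template(
    "<p>Hey $name, Please verify your account here: "
    '<a href="$link">$link</a></p>'
)
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")  # assumed signup policy


def render_unsafe(tmpl, **fields):
    """Vulnerable pattern: user input is pasted into the markup as-is."""
    return tmpl.substitute(fields)


def render_safe(tmpl, **fields):
    """Encode every field for the HTML context before substitution.

    quote=True also encodes " and ', so a value cannot break out of an
    attribute such as href="...".
    """
    return tmpl.substitute(
        {k: html.escape(str(v), quote=True) for k, v in fields.items()}
    )


def valid_username(name):
    """Allowlist check at signup; a second layer, not a substitute for encoding."""
    return USERNAME_RE.fullmatch(name) is not None


def injected_tags(rendered, template_tags):
    """Return opening tags in the output that the template did not contain."""
    found = re.findall(r"<\s*([A-Za-z][A-Za-z0-9]*)", rendered)
    return [t.lower() for t in found if t.lower() not in template_tags]


if __name__ == "__main__":
    payload = "<h1>Hacked</h1>"  # the username from the story above
    link = "https://verificationlink.com/"
    for render in (render_unsafe, render_safe):
        out = render(EMAIL_TMPL, name=payload, link=link)
        print(render.__name__, injected_tags(out, {"p", "a"}), out)
```

Encoding has to match the output context: html.escape covers element text and quoted attribute values, but not URL schemes or script blocks. The injected_tags helper can serve as a regression check in tests that render templates with markup-bearing input.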
