Hacking 101 - HTML injection - web security tutorial




Hello World! Welcome to my blog. In this video, I am going to show you how to test a web application for an HTML injection vulnerability.

HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. 
This vulnerability can have many consequences, like disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims. 

How to test: 

There is a wide range of methods and attributes that could be used to render HTML content. If these methods are provided with untrusted input, then there is a high risk of XSS, specifically an HTML injection one. Malicious HTML code could be injected, for example, via innerHTML, which is used to render user-inserted HTML code. If strings are not correctly sanitized, the problem could lead to XSS-based HTML injection. Another method could be document.write(). When trying to exploit this kind of issue, consider that some characters are treated differently by different browsers. For reference, see the DOM XSS Wiki.

How to Prevent HTML Injection?

This type of injection attack occurs when the input and output are not properly validated. Therefore, the main rule for preventing HTML injection attacks is appropriate data validation.
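The following is an added example, not code from the original post. It shows the innerHTML / document.write() pattern described above next to a version that encodes untrusted values on output, plus a regression check that tells the two apart. The function names, the marker element and the sample inputs are constructed for illustration, and output encoding is used here as one way to apply the validation rule.

```javascript
// Added example: all names and sample inputs below are constructed.

// Encode the five characters that let text break out into markup or attributes.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: untrusted input concatenated into markup that would
// then be assigned to element.innerHTML or passed to document.write().
function renderCommentUnsafe(author, text) {
  return `<div class="comment"><b>${author}</b>: ${text}</div>`;
}

// Hardened pattern: every untrusted value is encoded before it reaches the sink.
// In a browser, assigning plain text to element.textContent has the same effect.
function renderCommentSafe(author, text) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</div>`;
}

// Regression check: pass a harmless marker element through a renderer and
// report whether it comes back as live markup (true) or as encoded text (false).
function isInjectable(render) {
  const probe = '<i id="probe-101">probe</i>';
  return render('tester', probe).includes(probe);
}

// Constructed sample inputs: plain text, text with special characters, markup.
const samples = ['Nice post!', 'Tom & Jerry <3', '<h1>big heading</h1>'];
for (const s of samples) {
  console.log('unsafe:', renderCommentUnsafe('guest', s));
  console.log('safe:  ', renderCommentSafe('guest', s));
}
console.log('unsafe renderer injectable?', isInjectable(renderCommentUnsafe));
console.log('safe renderer injectable?  ', isInjectable(renderCommentSafe));
```

A check like isInjectable can run in a test suite against every function that builds HTML from user input, so a renderer that stops encoding is caught before release.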

What is bWAPP?

bWAPP, or a buggy web application, is a free and open source, deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.
