CVE-2021-43441

Nithissh
Dec 17, 2021

HTML Injection leads to XSS

Discovered by Nithissh S

Vulnerable version: 1.0

Vendor Homepage:

Bug Description:

HTML Injection is an attack that is similar to Cross-site Scripting (XSS). While in an XSS vulnerability the attacker can inject and execute JavaScript code, an HTML injection attack only allows the injection of certain HTML tags. When an application does not properly handle user-supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack exploits both a code-based vulnerability and a user’s trust.

Steps to Produce:

1. First of all, we have to look into the source code.

Source code

2. By looking into the source code, we can confirm that the input field is not sanitized properly.

3. So, we can enter an HTML payload into the input field:

"><img src=https://www.roflphotos.com/tamilcomedymemes/image/roflphotos-dot-com-photo-comments-20210129105151.jpg>

4. Now, after the successful signup, go to the profile page and you will see the HTML payload gets executed.

HTML payload executed
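To show why the profile page renders the payload from step 3, here is an added example (not the affected project's code; the page template, field name and placeholder image URL are assumed) that places a signup value into an input attribute and a heading three ways: unescaped, escaped without quotes, and fully escaped. The quote-less variant is included because it stops the tag but still lets the payload's leading `"` close the attribute, which is the caveat to check when reviewing a fix.

```python
import html
import re

# Constructed payload, same shape as the one in step 3 (image URL replaced by a placeholder).
PAYLOAD = '"><img src=https://example.invalid/payload.jpg>'

# Assumed profile-page fragment (not the affected project's template): the stored
# signup value lands inside an input attribute and inside a heading.
TEMPLATE = (
    '<h1>Welcome, {name}</h1>\n'
    '<input type="text" name="username" value="{name}">'
)


def render_vulnerable(name: str) -> str:
    """Interpolates the raw value: the pattern that produces the behaviour in step 4."""
    return TEMPLATE.format(name=name)


def render_partial_fix(name: str) -> str:
    """Escapes only < > &: the leading quote survives, so the value still closes the attribute."""
    return TEMPLATE.format(name=html.escape(name, quote=False))


def render_fixed(name: str) -> str:
    """Escapes < > & " ': the value can neither become a tag nor leave its attribute."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


IMG_TAG = re.compile(r"<img\b", re.IGNORECASE)


def injected_img_tags(page: str) -> int:
    """Number of real <img ...> tags in the rendered page (a vulnerable render yields two)."""
    return len(IMG_TAG.findall(page))


def attribute_broken(page: str) -> bool:
    """True if the value attribute was closed early by the injected quote."""
    return 'value=""' in page


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable),
                          ("quote=False", render_partial_fix),
                          ("quote=True", render_fixed)):
        page = render(PAYLOAD)
        print(f"{label:12} img tags={injected_img_tags(page)} "
              f"attribute broken={attribute_broken(page)}")
```

Context-aware escaping (or a templating engine that auto-escapes) is what makes the fully escaped render safe; checking only for `<` and `>` is not enough for values placed inside attributes.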

Impact:

  • Attacker discovers injection vulnerability and decides to use an HTML injection attack
  • Attacker crafts malicious link, including his injected HTML content, and sends it to a user via email
  • The user visits the page due to the page being located within a trusted domain
  • The attacker’s injected HTML is rendered and presented to the user asking for a username and password
  • The user enters a username and password, which are both sent to the attacker’s server

CVE Mitre -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43441
