Got Easiest Bounty with HTML injection via email confirmation!

Shaurya Sharma
Mar 11, 2020 · 2 min read

HTML injection is an attack very similar to Cross-site Scripting (XSS), whereas in XSS the attacker can inject and execute Javascript code, in HTML injection attack it allows only the injection of certain HTML tags.

LET’S GO HUNTERS!!

  • I register on the site, with the name “Shaurya” surname “Sharma” email {xxxx@mail.com} Temp-Mail (Disposable Email)
  • After registration, comes a message asking the user to validate their account through an email confirmation.

“-Please Shaurya Sharma, validate your account through a link sent to xxxxx@mail [.] Com”

<h1> Email confirmation </h1>

<p> Hello Shaurya Sharma, here is the link to confirm your email.

http://xxxxxx.org.in/Login/id=8829234?q

</p>

We noticed that the site recorded the user’s name as HTML in the database, and now when requesting confirmation, the HTML injected by the user is able to break the original email sent by the system.

Testing HTML injection:

  • I created a new account, named ` ”> <img src = (Link/Location) `and surname test, then the site returns the answer:-

“Please“> <img src =” https://i.redd.it/l1yy7vaasqv31.jpg “> test, validate your account using a link sent to xxxxxx@mail [.] Com ”

OUTPUT >

Hello,

, here is the link to confirm your email http://xxxxxx.org.in/Login/id=8829234?q

DONE !! Now you can inject any malicious input/code in the “Name” field text box, ant the output is reflected in the confirmation email.

Impact Example-: In banking systems, it can be used to obtain information about the victim’s card or request some unusual payment.

KEEP HUNTING …

#CyberVerse #Togtherwehitharder #bugbounty #webapplication

Cyber Verse

You are under survillence.

Cyber Verse

You are under survillence.

Shaurya Sharma

Written by

Security Researcher | DevSecOps | Twitter:-https://twitter.com/ShauryaSharma05

Cyber Verse

You are under survillence.