Things to know all about HTML Injection

HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page.

This vulnerability occurs when user input is not correctly sanitized and the output is not encoded.

Types of HTML injection

1. Reflected HTML injection
2. Stored HTML injection

Reflected HTML injection: - Reflected Injection attacks can be performed differently according to the HTTP methods i.e, GET and POST. Reflected GET Injection occurs when our input is being displayed (reflected) on the website.

1.  Reflected HTML injection (GET method)
2.  Reflected HTML injection (POST method)

Stored HTML injection: - Stored injection attack occurs when malicious HTML code is saved in the web server and is being executed every time when the user calls for an appropriate functionality.

Root Cause:

• Lack of Input Validation.
• No input sanitization.
• Improper Output Encoding.

Impact:

• Using or Harming the Reputation of the Web Page.
• Exfiltrating Sensitive User Data.
• Exfiltrating Anti-CSRF Tokens.
• Exfiltrating Passwords Stored in the Browser.

Remediation:

• Your script should filter metacharacters from user input.

---

---

As a dedicated author on my blog, I delve into the realms of my interests with fervor. Through my eloquent and insightful articles, I strive to share my unique perspective, spark meaningful conversations, and leave readers enlightened and captivated by the power of words. Join me in navigating a tapestry of ideas and narratives that reflect both intellect and creativity

---