HTML Injection is a vulnerability in which user-supplied input is rendered by the browser as markup instead of as text, exposing web applications to significant risk. To assess and escalate the severity of an HTML Injection, follow these steps:
- Thoroughly examine all input fields within the web application. Input fields can harbor various vulnerabilities, including SQL Injections, Cross-Site Scripting (XSS), Server Side Template Injection (SSTI), and more.
- In scenarios where the application has protective measures against XSS attacks, it is worthwhile to explore HTML Injections as an alternative. HTML Injections can be equally destructive and should be thoroughly tested.
To test for HTML Injections, use the following method:
- Insert the following code within an input field:
"><h1>TEST </h1>
- If the page renders “TEST” as a large heading, the input was interpreted as HTML and the injection succeeded.
However, such an injection may not demonstrate significant impact on its own. Although it allows defacement of the web application, you can escalate the vulnerability further by injecting a meta tag.
By injecting a meta tag, an attacker can alter the web application’s behaviour in unexpected ways. One particularly impactful manipulation uses the meta tag to trigger a redirect to another website. Consider the following example payload, which redirects users to the specified URL:
<meta name="language" content="0;<URL>" HTTP-EQUIV="refresh"/>
If the injection succeeds, the HTML Injection becomes an Open Redirect: depending on where in the application the injected meta tag is rendered, anyone who loads that page is redirected to the specified URL.
To summarize, the severity of an HTML Injection can be increased by injecting a meta tag that causes an unexpected redirect. This gives an attacker greater control over the behaviour of the web application, potentially enabling further exploits and compromising user interactions.
We can also use anchor tags, such as:
<a href="https://redirectedwebsite.com">Click Me </a>
source: https://corneacristian.medium.com/methods-to-exploit-html-injection-17b4254035e