Skip to main content

How to hack mostly websites with HTML Injection in 3 minutes.

                          Hacking website- HTML Injection


HTML Injection
HTML Injection is a vulnerability which occurs in web applications that allows users to insert html code via a specific parameter for example or an entry point. This type of attack can be used in combination with some sort of social engineering in order to trick valid users of the application to open malicious websites or to insert their credentials in a fake login form that it will redirect the users to a page that captures cookies and credentials. In this tutorial we are going to see how we can exploit this vulnerability effectively once it is discovered. For the needs of the article the Mutillidae will be used as the vulnerable application.


Vulnerable Form
Of course in this example there is an indication that this form is accepting HTML tags as it is part of the functionality of the application. A malicious attacker will think that he can exploit the users of this application if he set up a page that is capturing their cookies and credentials in his server. If he has this page then he can trick the users to enter their credentials by injecting into the vulnerable page a fake HTML login form. Mutillidae has already a data captured page so we are going to use this page for our tutorial
.
Mutillidae – Data Capture Page
Injecting HTML Code – Fake Login
Now we can inject HTML code that it will cause the application to load a fake login form.

.
Injecting HTML Code – Fake Login
.
Fake Login Form
Every user that will enter his credentials it will redirected to another page where his credentials will stored. In this case the credentials can be found at the data capture page and we can see them below:



As we saw in this article HTML injection vulnerabilities are very easy to exploit and can have large impact as any user of the web application can be a target. System admins must take appropriate measures for their web applications in order to prevent these type of attacks.

Comments

Post a Comment

Popular posts from this blog

Check Your Mother Board Model Number ,Serial Number, Version, And Many More.

How to Check Your Motherboard Model Number on Your Windows PC Whether you need to update drivers, want to check hardware compatibility, or you’re just curious , it’s way easier to check your motherboard model number with these simple tricks than it is to crack open your computer case to check the board itself . Read on as we show you how to check your motherboard model number from the comfort of your keyboard. Why Do I Want To Do This? There are a variety of situations where knowing your motherboard’s model number is important: upgrading your drivers, buying new hardware (you’ll need the proper expansion slots for card-based upgrades and the right memory DIMMS for memory upgrades, etc.), and checking the capabilities of your board if you’re considering upgrading the entire thing.  First Way (SIMPLEST WAY):- In this way there is only two step :- Step 1:- Go to Run(By Pressing Win+R) . Step 2:- Type dxdiag in Run and hit enter .   Now
Post a Comment
Read more

About Basic Networking Topology

           Basic Networking Topology This article describes common topologies used for networking. These are a very basic examples, and large networks often use a combination of two or more topologies. Introduction The term "topology" is used to describe the infrastructure of a network. It is a basic map or scheme of how the network is constructed. Viewing the topology of a network is a lot like looking at the map of city. You can see the central points or landmarks. Popular points of the cities are usually surrounded by a dense population of residents. The same is true for computer networks. The popular points (usually servers) are surrounded by residents (client machines) that connect to the server. If you read a networking book about topology, they will probably cover the physical types of topologies like star, ring, bus, and mesh. While these were all commonly used topologies at one point in time, star is the primary topology used today.
Post a Comment
Read more

Top 5 important Command Prompt Command Hack You Probably Don't Know

5 Command Prompt Hacks You Probably Don’t Know I love the Windows Command prompt because I often get things done faster by typing a command rather than hunting down an icon or nested menu setting. I’ve discovered that as I’ve used the command prompt, I’ve adopted my own shortcuts, I’ll call them hacks, that have really boosted my productivity. Here are my top five: 1. Copy Path on Folder Drop I have a file whose path is C:\xampp\htdocs\Vonster\wp-content\t hemes\twentytwelve that I needed but look at that folder path: if I manually type it I’ll instantly make myself susceptible to all kinds of typos plus I’m lazy and couldn’t care less about typing folder paths. To paste the full path, just drag the folder and drop it into the command prompt. In my case I typed cd in the command prompt and then dragged my folder into the command window. trickntools.blogspot.com 2. View history with F7 One way to recount the list of commands you typed during a
Post a Comment
Read more