html-injection-testing

Identify and exploit HTML injection vulnerabilities that allow attackers to inject malicious HTML content into web applications. This vulnerability enables attackers to modify page appearance, create phishing pages, and steal user credentials through injected forms. HTML injection occurs when user input is reflected in web pages without proper sanitization: Key differences from XSS: Attack goals: Map application for potential injection surfaces: Common vulnerable parameters: Test with simple HTML tags: Testing workflow: Payload persists in database: Payload in URL parameters: Payload in POST data: Inject into displayed URLs: Create convincing phishing forms: URL-encoded phishing link: Website appearance manipulation: Evade basic filters: Secure coding practices: Server-side protections: This skill is applicable to execute the workflow or actions described in the overview. - Web browser with developer tools - Burp Suite or OWASP ZAP - Tamper Data or similar proxy - cURL for testing payloads - HTML fundamentals - HTTP request/response structure - Web application input handling - Difference between HTML injection and XSS - Vulnerability Report - Identified injection points - Exploitation Proof - Demonstrated content manipulation - Impact Assessment - Potential phishing and defacement risks - Remediation Guidance - Input validation recommendations - HTML injection: Only HTML tags...