HTML Injection in Email

Postby Cyber Arch » Tue Mar 26, 2024 2:36 am

WHAT IS HTML INJECTION?
It is a type of injection issue that happens when a user can control an input point and can inject any HTML code into a web page that is vulnerable. It can be used to deface a web page or send the user to an untrustworthy website. It can also be chained with other weaknesses to make it even more serious.

PROOF OF CONCEPT (Create New Account page on the app, while looking at HTML injection in email):
Good parameters for testing this type of attack would be the "invite new user" parameters.
1. Open the Create New Account page and enter your email ID and password. In the First Name field, slip in an HTML injection payload:

Code:

<a href="cyberarchcracker.com"><h1>Please click here to verify your account</h1></a>

2. A new email is sent to the user, and the payload takes effect.
The damage from this kind of attack depends on what kind of app or business is involved. It can lead to phishing attacks. For banking apps, this attack is serious.
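
The fix for the flow described above, as an added example that is not part of the original post: the First Name value is HTML-escaped before it goes into the mail body, and a regression check parses the rendered mail to confirm the field introduced no tags. The template, function names and name policy are hypothetical, and the sample input is the payload from the post.

```python
import html
import re
from html.parser import HTMLParser
from string import Template

# Hypothetical welcome-mail template; $first_name is the user-controlled field.
WELCOME_HTML = Template(
    "<html><body><p>Hi $first_name,</p>"
    "<p>Your account was created.</p></body></html>"
)

# Constructed sample input: the First Name value shown in the post.
SAMPLE_FIRST_NAME = ('<a href="cyberarchcracker.com"><h1>Please click here '
                     'to verify your account</h1></a>')

# Assumed policy: Unicode letters joined by space, apostrophe, hyphen or dot.
NAME_RE = re.compile(r"[^\W\d_]+(?:[ '\-.][^\W\d_]+)*")


def render_unsafe(first_name):
    """Raw interpolation: the field becomes live markup in the mail."""
    return WELCOME_HTML.substitute(first_name=first_name)


def render_safe(first_name):
    """Escape for HTML context, so the field is rendered as text only."""
    return WELCOME_HTML.substitute(first_name=html.escape(first_name, quote=True))


def is_plausible_name(value):
    """Input validation as a second layer; escaping remains the real fix."""
    return len(value) <= 64 and NAME_RE.fullmatch(value) is not None


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(document):
    """Return the start tags a mail client would see, in document order."""
    collector = _TagCollector()
    collector.feed(document)
    collector.close()
    return collector.tags
```

Comparing `start_tags()` of a rendered mail against the tags of the bare template makes a useful unit test for every user-controlled field that reaches an email template.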
