HTML injection is related to cross-site scripting. This attack involves injecting certain HTML tags. Some servers are vulnerable to HTML injection. The injection occurs when an attacker can control an input point and can inject malicious HTML code into a vulnerable web page. HTML injection is done using meta-characters.

This vulnerability leads to disclosure of a user’s session cookies. It can also allow the attacker to modify the page content seen by the victims (end users). HTML injection occurs due to improper sanitisation of user input and improper encoding of output.

This attack allows an attacker to inject or send a malicious HTML page to the end users. As the browser doesn’t know whether the page is trusted or not, it will parse and execute all parts of the page. If the page contains any malicious code, that code will be executed on behalf of the end user. This vulnerability will, in turn, make the end user vulnerable to many more attacks.

This attack can be executed using a wide range of methods and attributes that can be used to render HTML content. If such a method is provided with untrusted input, there is a high chance of an HTML injection attack (other attacks include XSS). Malicious HTML code could be injected via innerHTML, which is used to render user-inserted HTML code. If strings are not correctly sanitised, the problem could lead to XSS-based HTML injection. Another method to execute this attack is the document.write() function.
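The missing output encoding described above, shown as an added example (not code from the original page): a template that concatenates untrusted input into markup, beside a version that encodes HTML meta-characters first. The function names and the sample input are constructed for illustration.

```javascript
// Added example; all names and the sample input are constructed for illustration.

// HTML meta-characters and the entities that make them inert in element
// content and in quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Output encoding: every meta-character becomes an entity, so the browser
// displays the value as text instead of parsing it as markup.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: untrusted input is concatenated straight into the markup. Assigning
// this string to innerHTML or passing it to document.write() lets the input
// add its own elements to the page.
function renderGreetingUnsafe(name) {
  return '<p class="greeting">Hello, ' + name + '</p>';
}

// After: the same template with the value encoded on output.
function renderGreetingSafe(name) {
  return '<p class="greeting">Hello, ' + encodeHtml(name) + '</p>';
}

// In the browser, a text-only sink avoids HTML parsing altogether.
function showGreeting(element, name) {
  element.textContent = 'Hello, ' + name;
}

// Counts the tags a browser would see in a rendered string. The template
// itself contributes exactly two (<p ...> and </p>).
function countTags(markup) {
  return (markup.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input containing benign markup and meta-characters.
const SAMPLE_INPUT = '<b>injected</b> & "quoted"';

console.log(countTags(renderGreetingUnsafe(SAMPLE_INPUT)));
console.log(countTags(renderGreetingSafe(SAMPLE_INPUT)));
console.log(renderGreetingSafe(SAMPLE_INPUT));
```

A tag count above two for a rendered greeting means the input contributed elements of its own, which makes `countTags` usable as a regression check on templates like this one.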
The code below takes unvalidated input and uses it to create dynamic HTML in the page context:
If the code is like this, then an attacker can use the URL below.
Using this vulnerability, an attacker can:
Beagle recommends the following fixes for this vulnerability: