HTML injection is the insertion of arbitrary HTML code into a vulnerable web page. Vulnerabilities in this area may lead to the disclosure of sensitive information or the modification of page content for the purposes of socially engineering the user.
Testing for HTML injection
Getting ready
Using the OWASP Mutillidae II Capture Data Page, let's determine whether the application is susceptible to HTML injection attacks.
How to do it...
- Navigate to OWASP 2013 | A1 – Injection (Other) | HTMLi Via Cookie Injection | Capture Data Page:
- Note how the page looks...