Uncovering HTML Injection Vulnerabilities in Web Applications: A Comprehensive Analysis

jadavvineet73 181 views 32 slides Jul 02, 2024

About This Presentation

This presentation provides an in-depth analysis of HTML injection vulnerabilities in web applications. It explores the mechanisms through which these vulnerabilities are introduced, their potential impacts, and effective mitigation strategies. Through case studies and real-world examples, the report...


Slide Content

Project Report on Uncovering HTML Injection Vulnerabilities in Web Applications

Agenda:
- Research
- Data Collection
- Impact Analysis
- Recommendation
- Abstract
- Tools
- Proof of Concept (PoC)
- References

Research
Website Details:
- Name: Manage Engine
- URL: https://manageengine.com
- Category/Type: Computer-and-Internet-Info
- Overall Ranking/Usage/Popularity: Low-Risk

Data Collection:
Technology Stack:
- Frontend: HTML, CSS, JavaScript
- Backend: PHP
- Database: MySQL
- Web Server: Apache

Impact Analysis: HTML Injection vulnerabilities can have significant impacts, including:
- Defacement: Attackers can modify the appearance of the website.
- Phishing: Injected HTML can create fake login forms to steal user credentials.
- Malicious Redirection: Users can be redirected to malicious sites.
- Cookie Theft: JavaScript injection can steal cookies, leading to session hijacking.

Recommendation: To mitigate HTML Injection vulnerabilities, the following security measures should be implemented:
- Input Validation: Validate and sanitize all user inputs on the server-side to ensure they do not contain any HTML tags or scripts.
- Output Encoding: Encode data before displaying it on the web page to prevent the browser from interpreting it as HTML or JavaScript.
- Content Security Policy (CSP): Implement a CSP to restrict the sources from which scripts and other resources can be loaded.
- Regular Security Audits: Perform regular security audits and vulnerability assessments to identify and fix potential security issues.
- Use Security Libraries: Utilize security libraries and frameworks that offer built-in protection against common web vulnerabilities.
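As an added illustration of the input-validation and output-encoding recommendations (not part of the original slides), the Python sketch below renders a confirmation mail from a form field with and without encoding, then parses the result to see which tags and links a mail client would act on. The template, URLs, function names and sample input are assumptions constructed for the example.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical confirmation-mail template (an assumption, not taken from the slides).
TEMPLATE = ('<p>Hello {name},</p>'
            '<p>Confirm your request: <a href="https://example.test/confirm">confirm</a></p>')

# Constructed sample input modelled on the PoC: markup submitted in the name field.
INJECTED_NAME = '<h1><a href="https://evil.com">Click here</a></h1>'

# Allowlist: a letter, then up to 63 word characters, spaces or . , ' -
NAME_RE = re.compile(r"[^\W\d_][\w .,'-]{0,63}")

def is_valid_name(name: str) -> bool:
    """Server-side input validation: reject anything outside the allowlist."""
    return NAME_RE.fullmatch(name) is not None

def render_unsafe(name: str) -> str:
    """Vulnerable: the field is placed into the HTML body unchanged."""
    return TEMPLATE.format(name=name)

def render_safe(name: str) -> str:
    """Hardened: the field is HTML-encoded at the point of output."""
    return TEMPLATE.format(name=html.escape(name, quote=True))

class TagCollector(HTMLParser):
    """Records the start tags and link targets present in a rendered body."""
    def __init__(self):
        super().__init__()
        self.tags, self.links = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a":
            self.links.append(dict(attrs).get("href"))

def parsed_markup(body: str):
    """Return (tags, links) as an HTML parser sees them in the body."""
    collector = TagCollector()
    collector.feed(body)
    collector.close()
    return collector.tags, collector.links

if __name__ == "__main__":
    print("valid name?", is_valid_name(INJECTED_NAME))
    for render in (render_unsafe, render_safe):
        print(render.__name__, parsed_markup(render(INJECTED_NAME)))
```

With encoding applied, the only link left in the mail is the template's own; validation and encoding are complementary, since the allowlist rejects the input early and the encoder protects any field that still reaches the template.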

Abstract: The goal of this report is to identify and demonstrate the presence of an HTML Injection vulnerability on a specific website. HTML Injection occurs when an attacker can inject arbitrary HTML code into a web page due to improper input validation. This report includes a detailed analysis of the vulnerability, its impact, and recommendations for mitigating such security issues. Additionally, a Proof of Concept (PoC) is provided to demonstrate the exploit.

Tools:
- Browser: used for manual testing.
- Burp Suite: used for intercepting and modifying requests.
- Temp-mail: used for generating temporary email addresses.

Proof of Concept (PoC): Capture packets with Burp Suite: open Burp Suite and set up the proxy.

Configure the browser to use Burp Suite’s proxy.

Navigate to the vulnerable website https://www.manageengine.com.

Go to Support and, from there, to Request a Demo.

Now start the Burp proxy to capture the HTTP request from the website.

Turn on intercept in Burp Suite.

Get a temporary email address from https://temp-mail.org.

Fill in all the required information in the form and click Submit.

Go to Burp Suite and search for the username in the captured request.

Copy this HTML line of code and paste it into the HTTP request in Burp Suite.

Paste it between the <h1></h1> tags in the username, replace “test.com” with “evil.com”, and send the request.

Turn off interception in Burp Suite.

Turn off the Burp proxy.

Reload the vulnerable website page.

Go to the temp mail website and look in the inbox for the mail.

Open the mail received from the vulnerable website.

Click on the link address given in the mail.

It redirects to “evil.com”.

Conclusion: The project successfully identified an HTML Injection vulnerability on the target website. The provided PoC demonstrates the exploit, and appropriate recommendations have been made to mitigate such vulnerabilities in the future. Proper input validation, output encoding, and security policies are crucial in protecting against HTML Injection attacks.

Questions?

Thank You!