Ethical Hacking(Bug Bounty)-HTML Injection Reflected current URL

What is HTML Reflected current url?

It is playing around with the host by changing it using an application like burpsuite to do it and seeing if it will give the intended result.

Level: Low

Pay attention to the current url and and refresh the page with burpsuite intercept turned on to the localhost that is http://127.0.0.1

Here is our result but look at the Host that says localhost we are going to iterate that as shown below and also iterate the GET request

Our Host is now known as hacked but you could change it to whatever you would like even a site of your choice and then forward the request back to the bwapp website as shown below.

The result is hacked is in the url and the name Emmanuel that is in <h1> as shown above.

Level: Medium

You will have to go to the file folder of bwapp and search for current_url file and look at the Document object that is on case 1 which represents the entire HTML document, which can be used to access all elements in the page

Document.URL is what Sets the URL property to open another web page in the same window and Document.write () Dynamic to the page.

To bypass this, I need internet explorer, which I don’t have but I know the solution it’s http://localhost:8080/bWAPP/htmli_current_url.php#<h1>Emmanuel</h1> to bypass the DOM attack

Level: High

$url = “http://” . $_SERVER[“HTTP_HOST”] . xss_check_3($_SERVER[“REQUEST_URI”]).

That’s all for now folks until next time….