Ethical Hacking (Bug Bounty) - HTML Injection Reflected GET
Hi, once again sorry it took so long, but I'm back. Today we will be looking at one of the easy bugs: HTML Injection. I'm assuming that by now you have bWAPP working on your machine, whether on Linux, Windows or Mac.
What is HTML Injection?
In layman's terms, HTML Injection means submitting HTML markup to a website that does not validate or encode its input, so that the injected markup changes the content that other users see. It can only be done if the website is vulnerable. bWAPP splits each bug into three security levels: easy, medium and hard.
Level: Easy
First, input a first name and last name, or anything else you want. In my case I wrapped John in a strong tag, which is why it is shown in bold.
The page source of the page above shows the result.
Alternatively, instead of typing into the form, you can put the same input directly into the URL in the browser's search/address bar and still receive the same output.
Level: Medium
After trying the same method used in the easy level, you will notice that something has changed: John is no longer bold, and in the page source the HTML text has been converted into HTML entities.
What are HTML Entities?
HTML entities are codes used to display reserved characters in HTML. Each one is a piece of text that begins with an & (ampersand) and ends with a ; (semicolon). To find the filter it is advisable to go to the source code, as shown below. The source code shows that it can be bypassed by using double character encoding; more information about that is here: https://owasp.org/www-community/Double_Encoding
This is the file containing the HTML injection bug you are looking at and where it is located. Try to read the code and see what is different for the medium level.
Level: Hard
Here we go to the source code location first, just like we did in the medium level.
Instead of HTML entities, it is now htmlspecialchars. So what if we used the URL encoder once more, would it work?
Below we try to get from htmlspecialchars to entities and then to plain text in bWAPP.
What is htmlspecialchars?
It is a PHP function that converts special HTML characters into entities, so that harmful HTML in user input is not rendered as markup on the site. https://www.1keydata.com/php-tutorial/htmlspecialchars.php
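To make the difference between the medium and hard levels concrete, here is an added illustration (my own code, not bWAPP's) of why an "encode, then URL-decode" filter falls to double encoding while a single htmlspecialchars-style escape at output does not. The assumed medium-level behaviour (entity-encode < and >, then urldecode) and the assumed hard-level behaviour (htmlspecialchars with ENT_QUOTES, no later decode) are modelled in Python with html.escape and urllib.parse.unquote; the query values are constructed for the demo.

```python
"""Weak vs. hardened output encoding for a reflected HTML-injection sink.

Added illustration, not bWAPP's own code. The filters mirror the assumed
medium-level flow (entity-encode, then URL-decode) and the assumed
hard-level flow (htmlspecialchars-style escape applied once, at output).
"""
import html
import re
from urllib.parse import unquote


def weak_filter(param: str) -> str:
    """Encode < and >, then URL-decode (assumed medium-level order of operations)."""
    encoded = param.replace("<", "&lt;").replace(">", "&gt;")
    return unquote(encoded)  # decoding AFTER encoding can reintroduce raw tags


def hardened_filter(param: str) -> str:
    """htmlspecialchars(ENT_QUOTES)-style escape of <, >, &, ' and "; nothing decodes it later."""
    return html.escape(param, quote=True)


def render(template_filter, raw_query_value: str) -> str:
    """Simulate the server: the web stack URL-decodes the query string once
    (what $_GET holds), the filter runs, and the value is echoed into the page."""
    server_decoded = unquote(raw_query_value)
    return "Welcome " + template_filter(server_decoded)


TAG_RE = re.compile(r"<[a-zA-Z/][^>]*>")


def injected(page: str) -> bool:
    """True when raw markup reached the page, i.e. the reflection is exploitable."""
    return TAG_RE.search(page) is not None


if __name__ == "__main__":
    # Constructed query values: the browser's single-encoded form of the easy-level
    # payload, and the double-encoded form the OWASP page describes.
    single = "%3Cstrong%3EJohn%3C%2Fstrong%3E"
    double = "%253Cstrong%253EJohn%253C%252Fstrong%253E"
    for label, value in (("single", single), ("double", double)):
        for name, f in (("weak", weak_filter), ("hardened", hardened_filter)):
            page = render(f, value)
            print(f"{label:6} {name:8} injected={str(injected(page)):5} {page}")
```

The weak filter only leaks markup for the double-encoded value, because its URL-decode runs after the entity encoding; the hardened filter renders both values as harmless text.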
That's all for now folks, until next time.