Ethical Hacking (Bug Bounty) - HTML Reflected POST

Emmanuel Wiseman
4 min read · Jul 6, 2021

What is HTML Reflected POST?

To summarise, HTML injection over POST is a bit different from the GET method, where you input certain characters into the request to gain access to the data that is being requested; in this case it is more about sending malicious HTML code in the POST parameters to your target to gain access. You will see this with the bWAPP examples below.

Level Easy:

First, we can just type your name or anything you can think of: <h1>Emmanuel</h1> for the first name and <h2>wise</h2> for the last name. It works as shown below, and that's all, pretty easy as you can see.

Level: Medium

Next, in medium we are just going to repeat what we did in easy. But have you noticed that something is different about the result? We are going to investigate that by decoding and encoding; right now, if you right-click and go to the page source, you will see the difference. You can find out more about this method here: https://www.tutorialspoint.com/security_testing/encoding_and_decoding.htm

As you can see, I have taken the characters that you noticed at the beginning and took some time to find a good decoder and encoder tool to use to try to gain access.

I just clicked on encode and it produced these characters which, if used in the wrong hands to inject malicious code… well, you know what I'm talking about.

After inputting the encoded characters into the login fields, all you have to do is click on the Go button.

Look at that, we have gained access.

Let's look at the page source and see what we have. Below we see that it is htmlspecialchars; let's try to change it to text using an htmlspecialchars converter like this one: https://www.online-toolz.com/tools/text-html-entities-convertor.php

htmlspecialchars() is a PHP function that is used to convert normal characters into HTML entities. This was covered in the first bug bounty write-up I gave, on Reflected GET, in the medium level (you can read more there).

This is the file of the HTML bug you are looking at and where it is located. Try to read the code and see what is different for the high level.

I tried using the same encoding method to see if there is a solution, but it did not bring results.
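Why the URL-encoding trick works on the medium level but not on the high one, as an added example that is not bWAPP's own code: the three handlers below are a Python model (an assumption about the filtering order, not copied from bWAPP) of echoing the parameter raw, replacing the angle brackets and then URL-decoding, and escaping the way htmlspecialchars() does as the very last step before output.

```python
import html
from urllib.parse import unquote


def render_low(value: str) -> str:
    # Model of the low level: the parameter is echoed into the page untouched.
    return f"<p>Welcome {value}</p>"


def render_medium(value: str) -> str:
    # Model of the medium level (assumed): angle brackets are replaced with
    # entities, and only afterwards is the value URL-decoded. The ordering is
    # the defect: decoding after escaping re-creates raw < and > that the
    # filter never saw, so a %3C / %3E encoded tag passes straight through.
    escaped = value.replace("<", "&lt;").replace(">", "&gt;")
    return f"<p>Welcome {unquote(escaped)}</p>"


def render_high(value: str) -> str:
    # Model of the high level: entity-encode as the final step and never decode
    # afterwards. html.escape(quote=True) behaves like PHP's htmlspecialchars
    # with ENT_QUOTES, so an encoded payload is printed as harmless text.
    return f"<p>Welcome {html.escape(value, quote=True)}</p>"


def contains_raw_tag(rendered: str) -> bool:
    # Detection helper: did an unescaped tag reach the rendered page?
    return "<h1>" in rendered or "<h2>" in rendered


def leaky_inputs(handler, inputs):
    # Runs each constructed input through a handler and returns the ones
    # that end up in the page as a live tag.
    return [s for s in inputs if contains_raw_tag(handler(s))]


# Constructed sample inputs: a plain name, a raw tag and the URL-encoded tag.
SAMPLE_INPUTS = [
    "Emmanuel",
    "<h1>Emmanuel</h1>",
    "%3Ch1%3EEmmanuel%3C/h1%3E",
]

if __name__ == "__main__":
    for name, handler in [("low", render_low), ("medium", render_medium), ("high", render_high)]:
        print(name, "leaks:", leaky_inputs(handler, SAMPLE_INPUTS))
```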

I even tried using Burp Suite, a friendly tool for discovering vulnerabilities, and then forwarding the result back to the bWAPP website, but nothing, as you can see down below.

Well, that's all for now guys, till next time…
