Hello everyone. I hope everyone is doing great :)
In this post I will explain how I found HTML injection on a website; let's call it example.com.
The website had a search box, so I entered hello, intercepted the request, sent it to Repeater and searched the response for hello to check whether it was reflected. It was reflected in multiple places; I checked every reflection and found that hello landed inside an attribute value.
So I changed hello to "><h1>hello</h1> to break out of the attribute and check whether the parameter was vulnerable to HTML injection. I sent the request, rendered the response in the browser and got the heading, so it was vulnerable to HTML injection.
To increase the impact I then tried to chain it with an open-redirect-style attack: I replaced <h1>hello</h1> with "><a href="https://bing.com">hello</a>, and when I rendered the response in the browser, hello appeared as a hyperlink pointing to the external site. Strictly speaking this is link injection rather than an open redirect (the victim has to click the planted link), but it lets an attacker place phishing links on the trusted domain, which is why it is worth reporting alongside the injection.
I also tried to escalate to XSS to raise the severity from P4 to P3, but it did not work, so I reported the HTML injection as it was. Unfortunately it was marked as a duplicate. You can try the same approach: check whether the application is vulnerable to HTML injection, then try to increase its impact.
So that's how I found it. Make sure to check every reflection and try to chain bugs in order to increase the impact.
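The steps above (find the reflection, work out its context, break out of the attribute, then test a heading and a link payload) can be scripted against any response body. The following is an added example written for this post, not code from the original write-up or from example.com: the two page templates are constructed stand-ins for a search page that reflects the query inside a value attribute, one unescaped and one with proper output encoding, and all function names are my own.

```python
import html
from html.parser import HTMLParser

# Constructed stand-in for the vulnerable search page: the query is reflected
# twice, once inside a value="..." attribute and once as text, unescaped.
def vulnerable_page(query: str) -> str:
    return ('<html><body><form><input name="q" value="' + query + '"></form>'
            '<p>Results for ' + query + '</p></body></html>')

# Same page with the fix: html.escape(quote=True) turns " into &quot; and
# < > into &lt; &gt;, so the payload can no longer close the attribute or
# open a tag.
def hardened_page(query: str) -> str:
    safe = html.escape(query, quote=True)
    return ('<html><body><form><input name="q" value="' + safe + '"></form>'
            '<p>Results for ' + safe + '</p></body></html>')

# Step 1: where does the canary land? For each reflection, if the nearest
# '<' before it is more recent than the nearest '>', we are inside a tag,
# i.e. in an attribute value, which is why a breakout starts with ">.
def reflection_contexts(body: str, canary: str) -> list:
    contexts, start = [], 0
    while True:
        i = body.find(canary, start)
        if i == -1:
            return contexts
        last_lt, last_gt = body.rfind("<", 0, i), body.rfind(">", 0, i)
        contexts.append("attribute" if last_lt > last_gt else "text")
        start = i + len(canary)

# Collects every start tag the browser's parser would create, so we can tell
# a payload that became a real element from one that stayed inert text.
class TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def injected_elements(body: str, wanted_tag: str) -> list:
    parser = TagCollector()
    parser.feed(body)
    return [attrs for tag, attrs in parser.tags if tag == wanted_tag]

# Steps 2 and 3: the heading payload from the post and the link payload.
PAYLOADS = {
    "heading": ('"><h1>hello</h1>', "h1"),
    "link": ('"><a href="https://bing.com">hello</a>', "a"),
}

# Runs each payload through a page renderer and reports whether the injected
# tag actually exists in the parsed response.
def probe_html_injection(render) -> dict:
    return {name: len(injected_elements(render(payload), tag)) > 0
            for name, (payload, tag) in PAYLOADS.items()}

if __name__ == "__main__":
    print(reflection_contexts(vulnerable_page("hello"), "hello"))
    print("vulnerable:", probe_html_injection(vulnerable_page))
    print("hardened:  ", probe_html_injection(hardened_page))
```

Against the unescaped template both payloads produce real elements (the anchor carries href="https://bing.com"), while the escaped template yields none, which is the difference between a reflection that is merely visible and one that is exploitable. Parsing the response is more reliable than grepping for the payload string, because an encoded reflection still contains the text of the payload.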
I hope you enjoyed reading the blog. Thank you :)