Summary
HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the application, where the Target Organization and Target Description fields accept HTML payloads. The injected HTML is rendered and executed in the target area, potentially leading to malicious actions.
PoC
- Log in to the application.
- Navigate to the "Target" section and click on "Add Target."
- Fill out the form and insert an HTML injection payload (e.g.,
<h1>Injected Heading</h1>) in the Target Organization and Target Description fields.
- Click on the "Add Target" button to submit the form.
- Observe that the injected HTML code is executed in the target area, displaying the heading or triggering the malicious payload.
Impact
Exploitation of HTML Injection can compromise the application's integrity and user trust. Attackers can execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. The organization's reputation, customer trust, and regulatory compliance could be negatively affected.
ayushsinha30 Reporter
Summary
HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the application, where the Target Organization and Target Description fields accept HTML payloads. The injected HTML is rendered and executed in the target area, potentially leading to malicious actions.
PoC
<h1>Injected Heading</h1>) in the Target Organization and Target Description fields.Impact
Exploitation of HTML Injection can compromise the application's integrity and user trust. Attackers can execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. The organization's reputation, customer trust, and regulatory compliance could be negatively affected.