Fi8sVrs

[eBook] Code Injection - HTML Injection


Demonstration by Shritam Bhowmick
Web Application Penetration Tester
Independent Consulting Security Evangelist

Dated: 22nd August, 2014, Springs, 9:22 PM IST

Web Application Exploitation with Shritam Bhowmick
Contents:

Hack
HTML Injection as Code Injection
Deploying a sample Vulnerable ASP code for HTML Injection
Injecting HTML Code into ASP based Application – HTML Injection
Mitigating HTML Injection Vulnerable ASP code
Mitigating Vulnerable ASP Code via Input Sanitization
Mitigating Vulnerable ASP Code via Output Encoding
Input Sanitization and Output Encoding Combined
Deploying a sample Vulnerable PHP code for HTML Injection
Injecting HTML code into PHP based Application – HTML Injection
Mitigating HTML Injection Vulnerable PHP Code
Mitigating Vulnerable PHP Code via Input Sanitization
Mitigating Vulnerable PHP Code via Output Sanitization
Input Sanitization and Output Sanitization Combined
Deploying a Sample Vulnerable Python Code for HTML Injection
Injecting HTML Code into Python based Application – HTML Injection
Mitigating HTML Injection Vulnerable Python Code
Mitigating Vulnerable Python Code via Escaping
Mitigating Python Vulnerable Code via Websafe on Web Library
HTML Injection Scenario 1 – HTMLi on Attribute Context in Tags
HTML Injection Scenario 2 – HTMLi on Output Data Length Restriction
Contact Information

Download: https://dl.packetstormsecurity.net/papers/general/codehtml-injection.pdf

Source: https://packetstormsecurity.com/files/143995/Code-Injection-HTML-Injection.html
