
Bug Bounty Hunting – iframe Injection & HTML Injection


iframe Injection and HTML Injection

What is an iframe?

An iframe is an HTML document embedded inside another HTML document.
An iframe attack is when an attacker embeds malicious code in your website page that executes various malicious instructions.

Tools we will be using

  • bWAPP – Target vulnerable web application
  • Beebox – link in the description; a manual install video will be made later
  • Burp – Intercepting proxy

Analyzing the webpage

• Set Burp to intercept and reload the page with the proxy enabled in the browser.
• The ParamUrl parameter points to a particular file in the web server root directory.

You can test to see if you can access files outside the web directory.

HTML Injection

Close the iframe tag:

"></iframe>

After closing the tag, we can perform HTML injection on the page using ordinary HTML syntax.

Burp – modify the request:

"></iframe><h1>Test</h1>
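
The fix for this finding, shown as an added example (not code from bWAPP or from the original post): the same ParamUrl value rendered without encoding, with attribute encoding, and behind an allow-list, with a parser check that shows whether an extra element appears. The iframe template, the allow-listed file names and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Assumption: files this page is allowed to frame (constructed allow-list).
ALLOWED_FRAME_FILES = {"robots.txt", "help.html"}

# Assumption: a template resembling how the page builds its iframe.
TEMPLATE = '<iframe frameborder="0" src="{src}" height="250" width="250"></iframe>'


def render_vulnerable(param_url: str) -> str:
    """Reflect ParamUrl into the src attribute with no encoding."""
    return TEMPLATE.format(src=param_url)


def render_encoded(param_url: str) -> str:
    """Attribute-encode ParamUrl so quotes and angle brackets stay data."""
    return TEMPLATE.format(src=html.escape(param_url, quote=True))


def render_hardened(param_url: str) -> str:
    """Accept only allow-listed file names, then encode anyway."""
    if param_url not in ALLOWED_FRAME_FILES:
        raise ValueError("ParamUrl is not an allow-listed file")
    return render_encoded(param_url)


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(markup: str) -> list:
    """Return the elements a parser sees, to show whether markup was injected."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    probe = '"></iframe><h1>Test</h1>'  # the test string from the post
    print(start_tags(render_vulnerable(probe)))  # extra h1 element present
    print(start_tags(render_encoded(probe)))     # only the iframe remains
```

The allow-list also covers the earlier observation about ParamUrl reaching files outside the web directory, since any value not on the list is rejected before it is rendered.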

 

 

Ankush Gaikwad

Software/web/App Developer and Cyber Security Investigator
