HTML Injections (HTMLi) Lab

Infosec Learning
Virtual Lab

HTMLi is the process of inserting unauthorized HTML elements into client-side files, which renders and alters the original webpage. In this lab we will add some vulnerable PHP code embedded in HTML to our custom homepage. Then, we will exploit the vulnerable code with an HTMLi attack using a method known as form stealing. Lastly, we will demonstrat...

Time
1 hour 30 minutes
Difficulty
Intermediate
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Overview

HTMLi is the process of inserting unauthorized HTML elements into client-side files, which renders and alters the original webpage. In this lab we will add some vulnerable PHP code embedded in HTML to our custom homepage. Then, we will exploit the vulnerable code with an HTMLi attack using a method known as form stealing. Lastly, we will demonstrate how an HTML-injected webpage can be used during a spear phishing attack.

Learning Partner
Infosec Learning

Infosec Learning provides businesses, colleges, governments, and K-12 school districts a feature rich information technology training and skill assessment service via an advanced, cloud based, virtual machine powered platform, capable of significant customization with unlimited scale and growth potential.

Similar Content
HTMLi Vulnerability and Mitigation Lab
Virtual Lab
HTMLi Vulnerability and Mitigation Lab
PHP has many filters that can be used to mitigate attacks. However, if the filters ...
Introduction To OWASP Top Ten: A1 - Injection - Scored
Virtual Lab
Introduction To OWASP Top Ten: A1 - Injection - Scored
4.42
This module for the Introduction to OWASP Top Ten Module covers A1: Injection.
Exploitation and Mitigation: MSHTML Vulnerability (CVE-2021-40444)
Course
Exploitation and Mitigation: MSHTML Vulnerability (CVE-2021-40444)
5
The MSHTML Windows remote code execution vulnerability (CVE-2021-40444) identified in September 2021 could allow a ...
2CEUs