HTML Injections (HTMLi) Lab

Infosec Learning
Virtual Lab

HTMLi is the process of inserting unauthorized HTML elements into client-side files, which renders and alters the original webpage. In this lab we will add some vulnerable PHP code embedded in HTML to our custom homepage. Then, we will exploit the vulnerable code with an HTMLi attack using a method known as form stealing. Lastly, we will demonstrat...

Time
1 hour 30 minutes
Difficulty
Intermediate
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or
View all SSO options

Already have an account? Sign In »

Overview

HTMLi is the process of inserting unauthorized HTML elements into client-side files, which renders and alters the original webpage. In this lab we will add some vulnerable PHP code embedded in HTML to our custom homepage. Then, we will exploit the vulnerable code with an HTMLi attack using a method known as form stealing. Lastly, we will demonstrate how an HTML-injected webpage can be used during a spear phishing attack.

Learning Partner
Infosec Learning

Infosec Learning provides businesses, colleges, governments, and K-12 school districts a feature rich information technology training and skill assessment service via an advanced, cloud based, virtual machine powered platform, capable of significant customization with unlimited scale and growth potential.