HTMLi Vulnerability and Mitigation Lab

PHP has many filters that can be used to mitigate attacks. However, if the filters are wrongly used or have been deprecated, they can be bypassed. In this lab, we begin by provisioning the virtual environment and give a brief description of the action script used to collect and store usernames and passwords stolen from the HTML form in HTML Injecti...

Time
1 hour 30 minutes
Difficulty
Intermediate
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Overview

PHP has many filters that can be used to mitigate attacks. However, if the filters are wrongly used or have been deprecated, they can be bypassed. In this lab, we begin by provisioning the virtual environment and give a brief description of the action script used to collect and store usernames and passwords stolen from the HTML form in HTML Injections lab. Then we will provide a brief description of the vulnerability and implement a control in an attempt to prevent the complete INPUT element from being injected and rendered. After demonstrating how the control works, you will be tasked with circumventing the control by allowing the input field to be displayed on the webpage. Implementation of the control and running the script will be performed from the Ubuntu client, and all pentesting will be performed from Kali.

Learning Partner
Infosec Learning

Infosec Learning provides businesses, colleges, governments, and K-12 school districts a feature rich information technology training and skill assessment service via an advanced, cloud based, virtual machine powered platform, capable of significant customization with unlimited scale and growth potential.

Similar Content
Exploitation and Mitigation: MSHTML Vulnerability (CVE-2021-40444)
Course
Exploitation and Mitigation: MSHTML Vulnerability (CVE-2021-40444)
5
The MSHTML Windows remote code execution vulnerability (CVE-2021-40444) identified in September 2021 could allow a ...
2CEUs
Vulnerability Scanner Set-up and Configuration
Virtual Lab
Vulnerability Scanner Set-up and Configuration
3.74
Students will setup and configure Core Impact in preparation of a vulnerability scan against an ...
Exploitation and Mitigation: Ghostcat (CVE-2020-1938)
Course
Exploitation and Mitigation: Ghostcat (CVE-2020-1938)
4.5
If you're a cybersecurity practitioner that wants to know more about how to exploit and ...
1CEUs