HTMLi Vulnerability and Mitigation Lab

Infosec Learning
Virtual Lab

PHP has many filters that can be used to mitigate attacks. However, if the filters are wrongly used or have been deprecated, they can be bypassed. In this lab, we begin by provisioning the virtual environment and give a brief description of the action script used to collect and store usernames and passwords stolen from the HTML form in HTML Injecti...

Time
1 hour 30 minutes
Difficulty
Intermediate
Share
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Overview

PHP has many filters that can be used to mitigate attacks. However, if the filters are wrongly used or have been deprecated, they can be bypassed. In this lab, we begin by provisioning the virtual environment and give a brief description of the action script used to collect and store usernames and passwords stolen from the HTML form in HTML Injections lab. Then we will provide a brief description of the vulnerability and implement a control in an attempt to prevent the complete INPUT element from being injected and rendered. After demonstrating how the control works, you will be tasked with circumventing the control by allowing the input field to be displayed on the webpage. Implementation of the control and running the script will be performed from the Ubuntu client, and all pentesting will be performed from Kali.