HTML injection is the insertion of arbitrary HTML code into a vulnerable web page. Vulnerabilities in this area may lead to the disclosure of sensitive information or the modification of page content for the purposes of socially engineering the user.
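The following added example (not part of the original page and not Mutillidae's code) shows the flaw and its fix side by side. It assumes a hypothetical page that echoes request cookies into an HTML table; the function names, cookie names and sample header are constructed for illustration.

```python
import html
from urllib.parse import unquote


def parse_cookie_header(header):
    """Split a Cookie request header into {name: value}, URL-decoding values."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            # Assumption: the application URL-decodes cookie values before use.
            cookies[name] = unquote(value)
    return cookies


def render_rows_vulnerable(cookies):
    # Vulnerable: client-controlled text is concatenated into markup as-is,
    # so any tags inside a cookie value become part of the page.
    return "".join(
        f"<tr><td>{name}</td><td>{value}</td></tr>"
        for name, value in cookies.items()
    )


def render_rows_encoded(cookies):
    # Hardened: HTML-encode name and value at the point of output, so the
    # browser displays the characters instead of parsing them as markup.
    return "".join(
        f"<tr><td>{html.escape(name, quote=True)}</td>"
        f"<td>{html.escape(value, quote=True)}</td></tr>"
        for name, value in cookies.items()
    )


# Constructed sample header: the second cookie value carries a heading tag.
SAMPLE_COOKIE_HEADER = "theme=dark; nickname=%3Ch1%3ESession%20expired%3C%2Fh1%3E"

if __name__ == "__main__":
    sample = parse_cookie_header(SAMPLE_COOKIE_HEADER)
    print("vulnerable:", render_rows_vulnerable(sample))
    print("encoded:   ", render_rows_encoded(sample))
```

In the vulnerable output the heading is rendered as page content, which is the content-modification risk described above; in the encoded output the same text appears as literal characters.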
Using the OWASP Mutillidae II Capture Data Page, let's determine whether the application is susceptible to HTML injection attacks.
- Navigate to OWASP 2013 | A1 – Injection (Other) | HTMLi Via Cookie Injection | Capture Data Page.
- Note how the page looks...