
Vulnerability Description => HTML injection is a type of injection issue that occurs when a user controls an input point and can inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, such as disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
How to Exploit
1. Go to the PHP Appointment Booking Script site (http://phpscriptsmall.net/demo/appointment/).

2. First, register and verify your account.

3. Now log in to your account using your username and password.

4. Go to my account and click edit account.

5. Type HTML code in any input area and click Update
(e.g. <h1>HTML Injection Testing</h1>)

6. Now you can see the HTML injection on your account.
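
The behaviour in steps 5 and 6 comes from stored input being written back into the page without encoding. The following is an added example, not code from the PHP Appointment Booking Script; the field names, the $profile array and the helper e() are assumptions made for illustration. It shows the unencoded rendering beside the encoded one for both an element body and a quoted attribute.

```php
<?php
// Added example: hypothetical account-profile rendering, not the booking
// script's own code. Field names and $profile are assumptions.

// Constructed sample of stored profile data, using the test string from step 5.
$profile = [
    'name'    => '<h1>HTML Injection Testing</h1>',
    'address' => '12 Example Road" data-x="y',
];

// Vulnerable pattern: stored input is concatenated into markup unchanged,
// so the browser parses it as HTML.
function render_unsafe(array $p): string
{
    return '<p>Name: ' . $p['name'] . '</p>'
         . '<input type="text" name="address" value="' . $p['address'] . '">';
}

// Encode for the HTML context at output time. ENT_QUOTES converts both
// quote styles, so a value cannot close a quoted attribute; ENT_SUBSTITUTE
// replaces invalid UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value passes through e() before output.
function render_safe(array $p): string
{
    return '<p>Name: ' . e($p['name']) . '</p>'
         . '<input type="text" name="address" value="' . e($p['address']) . '">';
}

echo "Unsafe:\n", render_unsafe($profile), "\n\n";
echo "Safe:\n", render_safe($profile), "\n";
```

In the encoded output the heading tag is displayed as literal text and the quote in the address stays inside the value attribute.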

