HTML Injection

  • Resolved glaukabazi

    (@glaukabazi)


    3 years, 5 months ago

    Hello guys,

    A site that i made for a client has gone through Acunetix security test and it has sent back an alert which you can find below

    ——-beginning of alert——–

    /wp-admin/adminajax.
php
Alert group HTML Injection
Severity Medium
Description
HTML Injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS
vulnerability the attacker can inject and execute Javascript code, the HTML injection attack
only allows the injection of certain HTML tags. When an application does not properly handle
user supplied data, an attacker can supply valid HTML code, typically via a parameter value,
and inject their own content into the page. This attack is typically used in conjunction with
some form of social engineering, as the attack is exploiting a code-based vulnerability and a
user's trust.
Attack scenario (OWASP)
A possible attack scenario is demonstrated below:
Attacker discovers injection vulnerability and decides to use an HTML injection attack
Attacker crafts malicious link, including his injected HTML content, and sends it to a
user via email
The user visits the page due to the page being located within a trusted domain
The attacker's injected HTML is rendered and presented to the user asking for a
username and password
The user enters a username and password, which are both sent to the attackers server
Recommendations Your script should filter metacharacters from user input.
Alert variants
13
Details
URL encoded POST input vars was set to
mdf%5Bfilter_post_blocks%5D%5B%5D=4198&mdf%5Bfilter_post_blocks_toggles%5
D%5B%5D=0&mdf%5Bmedafi_60db388190310%5D=the&mdf%5Bfilter_post_blocks%
5D%5B%5D=4199&mdf%5Bfilter_post_blocks_toggles%5D%5B%5D=0&mdf%5Btaxon
omy%5D%5Bselect%5D%5Bcategories%5D=&mdf%5Btaxonomy%5D%5Bselect%5D
%5Bcategories%5D%5B%5D=-1&mdf%5Btaxonomy%5D%5Bselect%5D%5Bpublisher
%5D=&mdf%5Btaxonomy%5D%5Bselect%5D%5Bpublisher%5D%5B%5D=-1&mdf%5B
filter_post_blocks%5D%5B%5D=4197&mdf%5Bfilter_post_blocks_toggles%5D%5B%
5D=0&mdf%5Bmedafi_60db384b4054d%5D%5Bfrom%5D=1604271599&mdf%5Bmedaf
i_60db384b4054d%5D%5Bto%5D=1622584799&meta_data_filter_bool=AND&mdf_tax_
bool=AND&mdf%5Bmdf_widget_options%5D%5Bslug%5D=documents&mdf%5Bmdf_
widget_options%5D%5Bmeta_data_filter_cat%5D=15&mdf%5Bmdf_widget_options%
5D%5Bshow_items_count_dynam%5D=&mdf%5Bmdf_widget_options%5D%5Btaxon
omies_options_post_recount_dyn%5D=1&mdf%5Bmdf_widget_options%5D%5Btaxo
nomies_options_hide_terms_0%5D=0&mdf%5Bmdf_widget_options%5D%5Bhide_me
ta_filter_values%5D=0&mdf%5Bmdf_widget_options%5D%5Bhide_tax_filter_values%
5D=0&mdf%5Bmdf_widget_options%5D%5Bsearch_result_page%5D=self&mdf%5Bm
df_widget_options%5D%5Bsearch_result_tpl%5D=self&mdf%5Bmdf_widget_options
%5D%5Bwoo_search_panel_id%5D=0&mdf%5Bmdf_widget_options%5D%5Baddition
al_taxonomies%5D=&mdf%5Bmdf_widget_options%5D%5Breset_link%5D=self&meta
_data_filter_cat=15<atXR9wL x=9578>.

    ———–end alert—–

    i can not offer access to the web cause the client doesn’t want to publish it before removing these alerts

    please let me know if there is anything i can do about this.

    thank you for your time

Viewing 1 replies (of 1 total)
  • Plugin Author RealMag777

    (@realmag777)

    Hello

    Can you please make the video about how exactly its works and MDTF role in this process. MDTF search link is just command to search form, and if params will not be recognized – default actions will be or just javascript error. For templates is responsible WordPress theme installed on the site.

Viewing 1 replies (of 1 total)
  • The topic ‘HTML Injection’ is closed to new replies.