An Effective Implementation of HTML Injection
Bharat Bhatia, Charu Sharma
Journal Title:Engineering and Scientific International Journal
HTML injection is an attack that is closely related to Cross-site Scripting (XSS). The difference is not in the vulnerability, but in the type of attack that leverages the vulnerability. Hypertext Markup Language (HTML) injection, also sometimes referred to as virtual defacement, is an attack on a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user's trust.