O'Reilly logo

Real-World Bug Hunting by Peter Yaworski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

5HTML INJECTION AND CONTENT SPOOFING

Image

Hypertext Markup Language (HTML) injection and content spoofing are attacks that allow a malicious user to inject content into a site’s web pages. The attacker can inject HTML elements of their own design, most commonly as a <form> tag that mimics a legitimate login screen in order to trick targets into submitting sensitive information to a malicious site. Because these types of attacks rely on fooling targets (a practice sometimes called social engineering), bug bounty programs view content spoofing and HTML injection as less severe than other vulnerabilities covered in this book.

An HTML injection vulnerability ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required