HTML Injection - Reflected (POST)
The page provides two input fields, one for the first name and one for the last name.
Let's submit some input and intercept the request in Burp Suite.
We can see that the request method is POST.
Let's input the following HTML tag:
Let's intercept the request using Burp Suite.
As we can see, the HTML characters in our input have been URL-encoded.
Let's encode the entire input, including the name, to check whether that evades the security filter.
We have successfully exploited the HTML injection vulnerability.
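
The following is an added example, not part of the original walkthrough or of the target application's code. It assumes the filter replaces literal angle brackets and only then URL-decodes the value, which would explain why the fully encoded input gets through, and it shows the fix beside it: no second decode, and escaping at output time. All function names and the sample value are constructed for illustration.

```python
import html
from urllib.parse import unquote

# Constructed sample: what the server holds after the framework has decoded the
# POST body once, when the client submitted an already URL-encoded <b>test</b>.
SAMPLE = "%3Cb%3Etest%3C%2Fb%3E"


def weak_render(first: str, last: str) -> str:
    """Assumed flawed order: filter literal < and > first, URL-decode afterwards."""
    def filt(value: str) -> str:
        value = value.replace("<", "&lt;").replace(">", "&gt;")  # sees only literal brackets
        return unquote(value)  # the decode runs after the check, so %3C becomes <
    return f"<p>Welcome {filt(first)} {filt(last)}</p>"


def hardened_render(first: str, last: str) -> str:
    """Treat form values as data: no extra decode, HTML-escape when writing output."""
    return (
        f"<p>Welcome {html.escape(first, quote=True)} "
        f"{html.escape(last, quote=True)}</p>"
    )


def decodes_to_markup(value: str, max_rounds: int = 3) -> bool:
    """Logging aid: decode until stable, then report whether < or > is present."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return "<" in value or ">" in value


if __name__ == "__main__":
    print(weak_render(SAMPLE, "Doe"))      # markup reaches the page
    print(hardened_render(SAMPLE, "Doe"))  # value is shown as inert text
    print(decodes_to_markup(SAMPLE))       # flagged for review
```

The hardened version renders the encoded value as literal text, so nothing the user typed is interpreted as HTML regardless of how many encoding layers it carries.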