Last updated 9 months ago
The application prints our current URL on the page.
Let's turn on the intercept in Burpsuite and reload the page.
We can change the Host: field to any value we want.
Host:
Host: getHacked
Let's turn off the intercept so that the request reaches to the server.
We have successfully performed HTML injection.