Posts

Injection - HTML Injection Tutorial: Types & Prevention with Examples

Image
HTML Injection Tutorial: Types & Prevention with Examples HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims. An In-depth look at HTML Injection: To get a better perception of HTML Injection, firstly we should know what HTML is. HTML is a markup language, where all the website’s elements are written in the tags. It is mostly being used for creating websites. Web pages are being sent to the browser in the form of HTML documents. Then those HTML documents are being converted into normal websites and displayed for the final users. This tutorial will give you a complete overview of HTML Injection, its

Reconnaissance | Information Gathering

Image
Reconnaissance  |  Information Gathering Reconnaissance is the act of gathering preliminary data or intelligence on your target. The data is gathered in order to better plan for your attack. Reconnaissance can be performed actively (meaning that you are directly touching the target) or passively (meaning that your recon is being performed through an intermediary).  Reconnaissance divide into two phases :- 1. Passive Reconnaissance :- During Information Gathering phase, Passive information gathering will take place before we move on to Active information gathering. Passive information gathering is relatively less aggressive than active information gathering. Unlike active information gathering which requires much more direct engagement with the target, passive does not. Passive information gathering uses publicly published information about the target organization by using Google Hacking (aka. Google Dorks), The Wayback Machine, Job postings, NetCraft, Whois sea