Bug Bounty Hunting - iframe Injection & HTML Injection

Video Tutorial

iframe Injection and HTML Injection

What is an iframe?

An iframe is an HTML document embedded inside another HTML document
An iframe attack is when a hacker/attacker embeds malicious code in your website page that executes various malicious instructions.

Tools we will be using

  • bWAPP – Target vulnerable web application
  • Beebox – link in the description or manual install video will be made later
  • Burp – Intercepting proxy

Analyzing the webpage

• Set burp intercept and reload the page with the proxy enabled in the browser
• ParamUrl points to the particular file in the web server root directory.

You can test to see if you can access files outside the web directory

HTML Injection

Close the iframe


After closing the tag we can now perform HTML injection on the page by using HTML syntax

Burp – modify the request



Is it just like clickjacking attack scenario?