Video Tutorial
iframe Injection and HTML Injection
What is an iframe?
An iframe is an HTML document embedded inside another HTML document.
An iframe injection attack is when an attacker embeds malicious code in a page of your website, where it executes various malicious instructions.
Tools we will be using
- bWAPP – Target vulnerable web application
- Beebox – link in the description or manual install video will be made later
- Burp – Intercepting proxy
Analyzing the webpage
• Turn on Burp intercept and reload the page with the proxy enabled in the browser.
• ParamUrl points to a particular file in the web server root directory.
You can test whether files outside the web directory are accessible through this parameter.
HTML Injection
Close the iframe
"></iframe>"
After closing the tag, we can perform HTML injection on the page using ordinary HTML syntax.
Burp – modify the request
"></iframe><h1>Test</h1>
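
Why the test string works, and what fixes it on the server side, as an added example that is not part of the original tutorial or of bWAPP's code. The iframe template, the file names in the allowlist and the external URL are assumptions made for illustration. The example separates two defenses: output encoding stops the HTML injection, while an allowlist is what stops an arbitrary document from being framed.

```python
import html
from html.parser import HTMLParser

# Assumed markup and file names; the page does not show the application's template.
TEMPLATE = '<iframe src="{src}" width="250" height="250"></iframe>'
ALLOWED = {"robots.txt", "help.html"}   # hypothetical documents the page may frame
DEFAULT = "robots.txt"


def render_vulnerable(param_url):
    # Request value is copied into the attribute unchanged.
    return TEMPLATE.format(src=param_url)


def render_encoded(param_url):
    # Attribute-context encoding: quotes and angle brackets become entities.
    return TEMPLATE.format(src=html.escape(param_url, quote=True))


def render_hardened(param_url):
    # Allowlist first (controls WHAT is framed), then encode (controls HOW it is written).
    target = param_url if param_url in ALLOWED else DEFAULT
    return render_encoded(target)


class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, dict(attrs).get("src")))


def elements(markup):
    """Return (tag, src) for every element a parser finds in the markup."""
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.seen


if __name__ == "__main__":
    payload = '"></iframe><h1>Test</h1>'          # test string from this page
    external = "https://other-site.example/"      # constructed sample value
    for name, render in [("vulnerable", render_vulnerable),
                         ("encoded", render_encoded),
                         ("hardened", render_hardened)]:
        print(name, elements(render(payload)), elements(render(external)))
```

In the encoded variant the payload stays inside the src attribute as data, but the external URL is still framed; only the allowlisted variant falls back to the default document for both inputs.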