Lab 3: HTML Injection via File Upload

HTML injection attacks through file upload functionality

Difficulty: Medium

Lab Overview

This lab demonstrates HTML injection vulnerabilities that can be exploited through file upload functionality. Attackers can upload files containing malicious HTML content, or reference uploaded files so that the browser processes and renders them.

Objective: Use file upload functionality to achieve HTML injection and potentially XSS.

Vulnerable Code
// Vulnerable: Direct output without validation
function process_uploaded_html($input) {
    if (empty($input)) {
        return "No input provided.";
    }
    
    // Vulnerable: Direct output without encoding
    return $input;
}
HTML Injection
Vulnerability Details
  • Type: HTML Injection via File Upload
  • Severity: High
  • Method: POST
  • Issue: Direct processing of uploaded HTML files
File Upload HTML Injection Examples
  • malicious.html - Upload HTML file
  • <h1>Hello</h1> - Basic HTML
  • <script>alert(1)</script> - JavaScript
  • <img src="x" onerror="alert(1)"> - XSS
File Upload HTML Injection Payloads

Upload these files to test HTML injection vulnerabilities:

1. Basic HTML File (malicious.html):
Hacked!

HACKED!

This page has been compromised.

2. XSS HTML File (xss.html):
XSS Test

XSS Test

3. Phishing HTML File (phishing.html):
Login Required

Please Login

4. Keylogger HTML File (keylogger.html):
Keylogger

Type something

5. Cookie Stealer HTML File (cookie-stealer.html):
Cookie Stealer

Welcome

6. Redirect HTML File (redirect.html):
Redirecting...

Redirecting...

7. CSS Injection HTML File (css-injection.html):
CSS Injection

CSS Injected!

8. Form Hijacking HTML File (form-hijack.html):
Form Hijacker

Submit Form

9. Session Hijacking HTML File (session-hijack.html):
Session Hijacker

Session Hijacker

10. Advanced XSS HTML File (advanced-xss.html):
Advanced XSS

Advanced XSS

11. HTML Injection via Uploaded Files:
cat uploads/malicious.html
head -10 uploads/xss.html
grep "script" uploads/advanced-xss.html
wc -l uploads/phishing.html

12. File Processing via Uploaded Files:
php uploads/malicious.html
python uploads/xss.html
node uploads/advanced-xss.html
ruby uploads/phishing.html

13. File Inclusion via Uploaded Files:
include uploads/malicious.html
require uploads/xss.html
include_once uploads/advanced-xss.html
require_once uploads/phishing.html

14. File Execution via Uploaded Files:
./uploads/malicious.html
bash uploads/xss.html
sh uploads/advanced-xss.html
exec uploads/phishing.html

Real-World Attack Scenarios
Mitigation Strategies
  • Implement proper file upload validation and sanitization
  • Use whitelist-based file type validation
  • Implement Content Security Policy (CSP)
  • Use proper HTML encoding functions
  • Implement proper output encoding
  • Regular security testing and vulnerability assessments
  • Monitor for unusual file upload patterns and content
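
The mitigations above applied to the lab's vulnerable function, as an added example that is not part of the original lab code. The function names, the ALLOWED_TYPES allowlist and its contents are assumptions chosen for illustration, and the content check assumes PHP's fileinfo extension is enabled.

```php
<?php
declare(strict_types=1);

// Hardened counterpart of process_uploaded_html(): encode before output.
function render_uploaded_text(string $input): string {
    if ($input === '') {
        return 'No input provided.';
    }
    // Encode &, <, >, " and ' so markup in the upload is displayed, not parsed.
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allowlist (assumption: this application only needs images and PDFs).
const ALLOWED_TYPES = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

// Returns a server-generated file name, or null if the upload is rejected.
function validate_upload(string $clientName, string $tmpPath): ?string {
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null; // .html, .svg, .php and anything else unlisted is refused
    }
    // Check the content itself; the client-supplied Content-Type is untrusted.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    // Never reuse the client's file name on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Headers for serving a stored upload so the browser does not render it as a page.
function send_download_headers(string $storedName): void {
    $ext = pathinfo($storedName, PATHINFO_EXTENSION);
    header('Content-Type: ' . (ALLOWED_TYPES[$ext] ?? 'application/octet-stream'));
    header('Content-Disposition: attachment; filename="' . $storedName . '"');
    header('X-Content-Type-Options: nosniff');
    header("Content-Security-Policy: default-src 'none'; sandbox");
}

// Constructed sample input, taken from the lab's example list.
echo render_uploaded_text('<img src="x" onerror="alert(1)">'), PHP_EOL;
```

Storing uploads outside the web root, or on a separate origin, keeps a file that slips past validation from running in the application's own origin.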