INTRODUCTION TO WEB APPLICATIONS

edited January 31 in Other

If you wanted to inject a malicious link to "www.malicious.com", and have the clickable text read 'Click Me', how would you do that?

On this question asking to perform a html injection i have tried multiple approaches but i don't know what format i'm supposed to awnser the question. also i'm really unsure of what some of the questions in the module want. in the first question i'm very sure the awnser is but it refuses to accept it and the page is just left loading and i cant click the submit button. Any help would be greatly appreciated.

Tagged:

Comments

  • I dont think there is a one-size fits all answer to that. It really does depend on the application.

    I haven't looked at this lab in the academy so I dont know what it is asking for, but generally the academy modules build on each other, so there should be something mentioned previously which covers this.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Snap ref the submit button. The page has to be refreshed and putting in random text can be submitted howevever it refuses to process my JS even if its blatantly the wrong answer. Tried quotes etc also. Tested in burp and what i have does work.

  • Type your comment> @ByteM3 said:

    Snap ref the submit button. The page has to be refreshed and putting in random text can be submitted howevever it refuses to process my JS even if its blatantly the wrong answer. Tried quotes etc also. Tested in burp and what i have does work.

    Update. Dont try and over compliate it using JS. Basic HTML is accepted.

  • Hi Hackers! I am stuck in INTRODUCTION TO WEB APPLICATIONS/HTML INJECTION the payload works but in the answer it does not accept the HTML coding. Is there anyone who can help me?

  • Someone knows the answer?

  • edited February 8

    You need to substitute the HTML a> /a> link tag, specify www.malicious.com and attach this link to the Click Me tag. You can find out more by reading about a> tags

    Or if you are too lazy to look, then the solution:
    a> href="www.malicious.com"> Click Me /a>
    But I recommend that you familiarize yourself with html link tags

  • edited February 9

    I tried '<'a href="http://www.malicious.com">Click Me</a'>' without success

  • edited February 12

    same problem, I found the solution in target system but i cannot asnwer... The system dont' accept the answer I use:
    "solution"
    'solution'

    @Elluminator said:
    You need to substitute the HTML a> /a> link tag, specify www.malicious.com and attach this link to the Click Me tag. You can find out more by reading about a> tags

    Or if you are too lazy to look, then the solution:
    a> href="www.malicious.com"> Click Me /a>
    But I recommend that you familiarize yourself with html link tags

    this solution don't work to answer...

    Same problem with next answer, I tried also:

    ">

    "
    >
    //

  • Hi all, regarding the same module, I'm stuck at the section "Sensitive Data Exposure".

    • Question: "Check the above login form for exposed passwords.".
    • Hint: "Use ctrl+u to show source in Firefox, or right click > View Page Source".

    My problem: The only login form in the page is the image of the example. I can't find anything. Am I missing something?

  • edited February 22

    @Alinachan said:

    Hi all, regarding the same module, I'm stuck at the section "Sensitive Data Exposure".

    • Question: "Check the above login form for exposed passwords.".
    • Hint: "Use ctrl+u to show source in Firefox, or right click > View Page Source".

    My problem: The only login form in the page is the image of the example. I can't find anything. Am I missing something?

    You went through the lesson too fast. It tells you to look closely at the comments. I can't say any more, but I hope this helps.

  • @DanielRossi said:

    I tried '<'a href="http://www.malicious.com">Click Me</a'>' without success

    All I can say is rewrite the link.

  • Same issue here. Is anyone able to answer this question?

  • I'm trouble. The link redirects to a page with "Not" Found" warning

  • I manage to solve. Thanks, guys

  • managed*

Sign In to comment.