INTRODUCTION TO WEB APPLICATIONS

mohan10216 · January 31, 2021, 4:01am

If you wanted to inject a malicious link to “www.malicious.com”, and have the clickable text read ‘Click Me’, how would you do that?

On this question asking to perform a html injection i have tried multiple approaches but i don’t know what format i’m supposed to awnser the question. also i’m really unsure of what some of the questions in the module want. in the first question i’m very sure the awnser is but it refuses to accept it and the page is just left loading and i cant click the submit button. Any help would be greatly appreciated.

TazWake · January 31, 2021, 3:10pm

I dont think there is a one-size fits all answer to that. It really does depend on the application.

I haven’t looked at this lab in the academy so I dont know what it is asking for, but generally the academy modules build on each other, so there should be something mentioned previously which covers this.

ByteM3 · February 1, 2021, 11:29am

Snap ref the submit button. The page has to be refreshed and putting in random text can be submitted howevever it refuses to process my JS even if its blatantly the wrong answer. Tried quotes etc also. Tested in burp and what i have does work.

ByteM3 · February 1, 2021, 11:34am

Type your comment> @ByteM3 said:

Snap ref the submit button. The page has to be refreshed and putting in random text can be submitted howevever it refuses to process my JS even if its blatantly the wrong answer. Tried quotes etc also. Tested in burp and what i have does work.

Update. Dont try and over compliate it using JS. Basic HTML is accepted.

Degabyte · February 3, 2021, 12:35am

Hi Hackers! I am stuck in INTRODUCTION TO WEB APPLICATIONS/HTML INJECTION the payload works but in the answer it does not accept the HTML coding. Is there anyone who can help me?

lalinco · February 4, 2021, 7:29pm

Someone knows the answer?

DirtyJymmi · February 8, 2021, 5:15pm

You need to substitute the HTML a> /a> link tag, specify www.malicious.com and attach this link to the Click Me tag. You can find out more by reading about a> tags

Or if you are too lazy to look, then the solution:
a> href=“www.malicious.com”> Click Me /a>
But I recommend that you familiarize yourself with html link tags

DanielRossi · February 9, 2021, 9:05pm

I tried ‘<‘a href=“http://www.malicious.com”>Click Me</a’>’ without success

Lithios · February 12, 2021, 1:21am

same problem, I found the solution in target system but i cannot asnwer… The system dont’ accept the answer I use:
“solution”
‘solution’

@Elluminator said:
You need to substitute the HTML a> /a> link tag, specify www.malicious.com and attach this link to the Click Me tag. You can find out more by reading about a> tags

Or if you are too lazy to look, then the solution:
a> href=“www.malicious.com”> Click Me /a>
But I recommend that you familiarize yourself with html link tags

this solution don’t work to answer…

Same problem with next answer, I tried also:
#">
"

//

Alinachan · February 12, 2021, 1:46pm

Hi all, regarding the same module, I’m stuck at the section “Sensitive Data Exposure”.

Question: “Check the above login form for exposed passwords.”.
Hint: “Use ctrl+u to show source in Firefox, or right click > View Page Source”.

My problem: The only login form in the page is the image of the example. I can’t find anything. Am I missing something?

Soupe · February 22, 2021, 2:51am

@Alinachan said:

Hi all, regarding the same module, I’m stuck at the section “Sensitive Data Exposure”.

Question: “Check the above login form for exposed passwords.”.

Hint: “Use ctrl+u to show source in Firefox, or right click > View Page Source”.

My problem: The only login form in the page is the image of the example. I can’t find anything. Am I missing something?

You went through the lesson too fast. It tells you to look closely at the comments. I can’t say any more, but I hope this helps.

Soupe · February 22, 2021, 3:04am

@DanielRossi said:

I tried ‘<‘a href=“http://www.malicious.com”>Click Me</a’>’ without success

All I can say is rewrite the link.

sonihmgmail · February 24, 2021, 5:00pm

Same issue here. Is anyone able to answer this question?

LSXIX · March 1, 2021, 8:19pm

I’m trouble. The link redirects to a page with “Not” Found" warning

LSXIX · March 1, 2021, 9:04pm

I manage to solve. Thanks, guys

LSXIX · March 1, 2021, 9:06pm

managed*

syst3m · March 29, 2021, 12:03pm

the question: If you wanted to inject a malicious link to “www.malicious.com”, and have the clickable text read ‘Click Me’, how would you do that?

Hey cam i get a hint on how to the answer should be formatted i mean i tried the <a… tags with multiple formats but nothing

sl33p · March 29, 2021, 2:56pm

with no spolired read the question, you are on the right way but keep attention on the ‘’ see how <a tag is formatted on the internet and remember that is’t a string

DK9510 · April 19, 2021, 3:49am

Type your comment> @Soupe said:

@Alinachan said:

Hi all, regarding the same module, I’m stuck at the section “Sensitive Data Exposure”.

Question: “Check the above login form for exposed passwords.”.

Hint: “Use ctrl+u to show source in Firefox, or right click > View Page Source”.

My problem: The only login form in the page is the image of the example. I can’t find anything. Am I missing something?

You went through the lesson too fast. It tells you to look closely at the comments. I can’t say any more, but I hope this helps.

i didn’t find any login form in this page…

DemiScuzz · May 10, 2021, 11:41am

For those who have not cracked this one, its in the finer details have you tried it with https:// and without?

Have you tried it with a space before Click Me and a space after.