Text Based Injection | Content Spoofing | Low Impact Common Web Vulnerability

Text Based Injection: Text injection, or Text-Based Injection (TBI), is an injection in which user input is reflected as-is in the application response as plaintext. It is one of the ways to perform content spoofing, also referred to as content injection or virtual defacement, which can be used in phishing attacks.

An application is vulnerable to text injection when it does not properly handle user-supplied data. An attacker can supply content to a web application, typically via a parameter value or through the URL alone, and that content is reflected back to the user. The user is then presented with a modified page under the context of the trusted domain.
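The reflection described above, shown as an added example that is not code from the original post: a not-found handler that echoes the request path beside one that returns a fixed message, plus a check that reports whether a probe string comes back in the response. The handler names, the probe value and the `(status, headers, body)` return shape are assumptions made for this sketch.

```python
from urllib.parse import unquote

# Constructed, harmless probe: URL-encoded free text containing spaces.
PROBE_ENCODED = "tbi%20probe%207f3a"
PROBE_TEXT = unquote(PROBE_ENCODED)  # "tbi probe 7f3a"

PLAIN = {"Content-Type": "text/plain; charset=utf-8"}


def vulnerable_not_found(path):
    """Hypothetical handler: echoes the decoded request path in the error text."""
    return 404, PLAIN, f"The requested URL {unquote(path)} was not found."


def hardened_not_found(path):
    """Hypothetical fix: a fixed message, nothing from the request is echoed."""
    return 404, PLAIN, "Page not found."


def audit_reflection(handler):
    """Send the probe through a handler and list what a reviewer should flag."""
    status, headers, body = handler("/" + PROBE_ENCODED)
    if PROBE_TEXT not in body:
        return []  # nothing from the request reached the page
    findings = ["user input reflected verbatim in the response"]
    if headers.get("Content-Type", "").lower().startswith("text/plain"):
        findings.append("reflected in a text/plain response")
    if status >= 400:
        findings.append("reflected on an error page")
    return findings


if __name__ == "__main__":
    for handler in (vulnerable_not_found, hardened_not_found):
        print(handler.__name__, audit_reflection(handler) or "no reflection")
```

The hardened handler removes the issue at its source: the error text no longer contains anything taken from the request, so there is nothing for the check to find.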

Attack Type: Client-Side Vulnerability
Severity: Low

Audit Guidelines

Text injection can be easily found where:

1) User input via a parameter or directly in the URL is reflected in the page response.
2) Content-Type: text/plain
3) The application is giving default error pages.

Proof of Concept

If you research a little more to understand why it is happening a…