Summary
An HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication.
Observation
It is observed that in the portal of the customer account, there is a functionality in the email section to create an email address that accepts user input. By intercepting the request and modifying the "domain" field with an HTML injection payload containing an anchor tag, the injected payload is reflected on an error page. When clicked, it redirects users to an external website, confirming the presence of an HTML Injection vulnerability.
PoC
-
Navigate to the Email section in the Customer Account Portal and create a new email address.
-
Enter any garbage value in the required field and intercept the request using Burp Suite.
-
Locate the "domain" field in the intercepted request and replace its value with the following HTML Injection payload:
<a href="https://www.google.com">CLiCK</a>
-
Forward the modified request and observe that the injected payload is reflected on an error page.
-
Click on the displayed "CLiCK" link to verify that it redirects to https://www.google.com, confirming the presence of HTML Injection.
Impact
An attacker can exploit this HTML Injection vulnerability to manipulate the portal’s content, conduct phishing attacks, deface the application, or trick users into clicking malicious links. This can lead to credential theft, malware distribution, reputational damage, and potential compliance violations.
The users of the customer account portal are impacted by this vulnerability. Specifically, any user who interacts with the email section of the portal may be tricked into clicking malicious links, leading to potential phishing attacks, credential theft, and exposure to other malicious activities. The organization hosting the portal could also be impacted by reputational damage and compliance violations.
Recommendation
It is recommended to implement proper input validation and output encoding to prevent HTML Injection. The application should sanitize user input by stripping or escaping HTML tags before rendering it on the page.
References
BenefactorYuvi Reporter
Summary
An HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication.
Observation
It is observed that in the portal of the customer account, there is a functionality in the email section to create an email address that accepts user input. By intercepting the request and modifying the "domain" field with an HTML injection payload containing an anchor tag, the injected payload is reflected on an error page. When clicked, it redirects users to an external website, confirming the presence of an HTML Injection vulnerability.
PoC
Navigate to the Email section in the Customer Account Portal and create a new email address.
Enter any garbage value in the required field and intercept the request using Burp Suite.
Locate the "domain" field in the intercepted request and replace its value with the following HTML Injection payload:
<a href="https://www.google.com">CLiCK</a>Forward the modified request and observe that the injected payload is reflected on an error page.
Click on the displayed "CLiCK" link to verify that it redirects to
https://www.google.com, confirming the presence of HTML Injection.Impact
An attacker can exploit this HTML Injection vulnerability to manipulate the portal’s content, conduct phishing attacks, deface the application, or trick users into clicking malicious links. This can lead to credential theft, malware distribution, reputational damage, and potential compliance violations.
The users of the customer account portal are impacted by this vulnerability. Specifically, any user who interacts with the email section of the portal may be tricked into clicking malicious links, leading to potential phishing attacks, credential theft, and exposure to other malicious activities. The organization hosting the portal could also be impacted by reputational damage and compliance violations.
Recommendation
It is recommended to implement proper input validation and output encoding to prevent HTML Injection. The application should sanitize user input by stripping or escaping HTML tags before rendering it on the page.
References