What kind of injection points does this skill cover?

It covers a wide range of surfaces including search bars, comment sections, user profile fields, URL parameters, HTTP headers, and hidden form fields.

Can this skill help with automated security scanning?

Yes, the skill provides specific workflows for integrating with tools like Burp Suite and OWASP ZAP, as well as custom Python scripts for automated parameter fuzzing.

Does it provide remediation advice?

Absolutely. It includes specific code examples for multiple languages (PHP, Python, JavaScript) to demonstrate proper output escaping, input validation, and the use of sanitization libraries like DOMPurify.

What is the difference between HTML Injection and XSS?

HTML injection focuses on rendering malicious HTML tags to modify page appearance or create fake forms, whereas Cross-Site Scripting (XSS) involves the execution of malicious JavaScript code in the victim's browser.

Are advanced bypass techniques included?

Yes, the skill details various ways to evade basic filters using case variations, encoding (URL, HTML, Unicode), null bytes, and attribute-based injections.

HTML Injection Security Testing

Name: HTML Injection Security Testing
Author: boisenoise

byboisenoise

セキュリティとテスト

Identifies and exploits HTML injection vulnerabilities to secure web applications against content manipulation and phishing attacks.

概要

This skill provides a comprehensive framework for conducting professional HTML injection vulnerability assessments within your development workflow. It guides users through the entire security testing lifecycle, from initial mapping of attack surfaces and testing basic payloads to executing advanced techniques like CSS injection and filter bypasses. Whether you are performing a security audit or trying to demonstrate the impact of a bug through proof-of-concept phishing forms, this skill provides the methodologies, payloads, and remediation guidance necessary to harden web applications against unauthorized content modification.

主な機能

Step-by-step methodologies for stored and reflected injection testing
Advanced filter bypass techniques and encoding variations
Phishing and defacement impact assessment templates
Extensive library of HTML injection payloads for various contexts
0 GitHub stars
Secure coding remediation examples for PHP, Python, and JavaScript

ユースケース

Implementing and verifying robust HTML sanitization logic
Creating proof-of-concept (PoC) exploits for vulnerability reporting
Conducting automated or manual security audits on web input fields

概要

主な機能

Step-by-step methodologies for stored and reflected injection testing
Advanced filter bypass techniques and encoding variations
Phishing and defacement impact assessment templates
Extensive library of HTML injection payloads for various contexts
0 GitHub stars
Secure coding remediation examples for PHP, Python, and JavaScript

ユースケース

Implementing and verifying robust HTML sanitization logic
Creating proof-of-concept (PoC) exploits for vulnerability reporting
Conducting automated or manual security audits on web input fields