What kind of injection points does this skill cover?

It covers a wide range of surfaces including search bars, comment sections, user profile fields, URL parameters, HTTP headers, and hidden form fields.

Can this skill help with automated security scanning?

Yes, the skill provides specific workflows for integrating with tools like Burp Suite and OWASP ZAP, as well as custom Python scripts for automated parameter fuzzing.

Does it provide remediation advice?

Absolutely. It includes specific code examples for multiple languages (PHP, Python, JavaScript) to demonstrate proper output escaping, input validation, and the use of sanitization libraries like DOMPurify.

What is the difference between HTML Injection and XSS?

HTML injection focuses on rendering malicious HTML tags to modify page appearance or create fake forms, whereas Cross-Site Scripting (XSS) involves the execution of malicious JavaScript code in the victim's browser.

Are advanced bypass techniques included?

Yes, the skill details various ways to evade basic filters using case variations, encoding (URL, HTML, Unicode), null bytes, and attribute-based injections.

HTML Injection Security Testing

Name: HTML Injection Security Testing
Author: boisenoise

byboisenoise

0•

セキュリティとテスト

Identifies and exploits HTML injection vulnerabilities to secure web applications against content manipulation and phishing attacks.

This skill provides a comprehensive framework for conducting professional HTML injection vulnerability assessments within your development workflow. It guides users through the entire security testing lifecycle, from initial mapping of attack surfaces and testing basic payloads to executing advanced techniques like CSS injection and filter bypasses. Whether you are performing a security audit or trying to demonstrate the impact of a bug through proof-of-concept phishing forms, this skill provides the methodologies, payloads, and remediation guidance necessary to harden web applications against unauthorized content modification.

主な機能

01Step-by-step methodologies for stored and reflected injection testing

02Advanced filter bypass techniques and encoding variations

03Phishing and defacement impact assessment templates

04Extensive library of HTML injection payloads for various contexts

050 GitHub stars

06Secure coding remediation examples for PHP, Python, and JavaScript

ユースケース

01Implementing and verifying robust HTML sanitization logic

02Creating proof-of-concept (PoC) exploits for vulnerability reporting

03Conducting automated or manual security audits on web input fields

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add boisenoise/skills-collections antigravity-html-injection-testing

For use in Claude.ai and ChatGPT

Download Skill