Bug Bounty Hunting – iframe Injection & HTML Injection
An iframe attack is when a hacker or an attacker embeds malicious code in your website page that
executes various malicious instructions. For example, it is usually bundled with malware on the web
server that then redirects the home page to another website. The tools we will be using are bWAPP, the
vulnerable web application that iframe injection is going to be used to attack, and Burp, which will be
our intercepting proxy; the rest I'll be explaining as we move along. With bWAPP it's really very
simple: all you need to do is load up the IP address and we're good to go. The URL parameter is very
important and allows us to specify any particular file on the local web root. For example, we have a
file here called 666, which is essentially a flag that you're supposed to find when fuzzing the web
application. If I open up 666, you can see that it's going to tell us "hi little b".
If this web application was incorrectly configured, that means we could essentially view any files on
the target web server. How would we do that? I have Burp Suite set up here, and what I'm going to do is
reload this page. I'll enable the proxy through FoxyProxy and I will also turn on intercept. We are
restricted only to the web server or the web root directory. The GET request has been formatted
incorrectly, and the web application in this case is vulnerable to an HTML injection attack. The tag
isn't closed, which means that if we close it we should be able to execute code; this is because the GET
request is formatted incorrectly. The video is there to explain how you can go about doing this; the
goal of this video was to explain how it works. We can now move on to command injection and all that
good stuff.
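
The flaw described above, next to a hardened version, as an added example that is not code from the video or from bWAPP: a request value is placed in an iframe `src` attribute, first unchanged and then after an allowlist check and attribute escaping, with the `sandbox` attribute added. The function names, the allowlist entries and the sample input are hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical allowlist: the only documents this page may frame.
ALLOWED_FRAME_PATHS = {"robots.txt", "help.html"}

# Constructed input: closes the src attribute and the tag, then adds markup.
HOSTILE = 'robots.txt"></iframe><h1>injected</h1>'


def render_iframe_vulnerable(param_url: str) -> str:
    """The flaw: the request value is pasted into the attribute unchanged."""
    return f'<iframe src="{param_url}"></iframe>'


def render_iframe_hardened(param_url: str) -> str:
    """Allowlist the frame target, then escape it for an attribute context."""
    parts = urlsplit(param_url)
    # Reject absolute URLs and any path that is not explicitly allowed.
    if parts.scheme or parts.netloc or parts.path not in ALLOWED_FRAME_PATHS:
        raise ValueError("frame target not allowed")
    safe = html.escape(parts.path, quote=True)
    return f'<iframe src="{safe}" sandbox></iframe>'


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(markup: str) -> list:
    """Return the opening tags a parser sees, in document order."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def is_rejected(param_url: str) -> bool:
    """True when the hardened renderer refuses the requested frame target."""
    try:
        render_iframe_hardened(param_url)
    except ValueError:
        return True
    return False
```

Comparing `start_tags()` on both outputs works as a regression check: the vulnerable renderer yields an extra `h1` element for the constructed input, while the hardened one either raises or yields a single `iframe`.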