Description
HTML Attribute Injection is an attack that is conceptually similar to Cross-site Scripting (XSS), and closely related to HTML Injection. Acunetix was able to inject a new attribute into an existing HTML tag, but was unable to inject arbitrary HTML or JavaScript code. When an application does not properly handle user-supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own attributes and possibly attribute values, thereby altering the behavior of the page. This attack is typically used in conjunction with some form of social engineering, as it exploits both a code-based vulnerability and a user's trust.
Remediation
The web application should filter metacharacters from user input, and apply context-sensitive encoding when reflecting user input.
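The following is an added example, not part of the original advisory or of Acunetix's tooling. It shows attribute-context encoding in Python and a parser-based check that the rendered tag carries only the attributes the template defines. The <input> template, the function names and the sample values are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

TEMPLATE_ATTRS = {"type", "name", "value"}  # attributes the template itself defines

def render_unsafe(value):
    # Vulnerable pattern: user input reflected into a quoted attribute unencoded.
    return '<input type="text" name="q" value="' + value + '">'

def render_safe(value):
    # Attribute-context encoding: quote=True also encodes " and ', so the
    # input cannot close the quoted attribute it is placed in.
    return '<input type="text" name="q" value="' + html.escape(value, quote=True) + '">'

def render_escaped_unquoted(value):
    # Caveat: encoding does not help when the template leaves the attribute
    # unquoted, because a plain space already ends the value.
    return '<input type="text" name="q" value=' + html.escape(value, quote=True) + '>'

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parse_tags(markup):
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def injected_attributes(markup):
    """Return attribute names on <input> that the template did not define."""
    extra = set()
    for tag, attrs in parse_tags(markup):
        if tag == "input":
            extra |= set(attrs) - TEMPLATE_ATTRS
    return sorted(extra)

# Constructed sample inputs (harmless title attribute) for the regression check.
SAMPLE_QUOTED = 'x" title="injected'
SAMPLE_UNQUOTED = 'x title=injected'

if __name__ == "__main__":
    print(injected_attributes(render_unsafe(SAMPLE_QUOTED)))              # ['title']
    print(injected_attributes(render_safe(SAMPLE_QUOTED)))                # []
    print(injected_attributes(render_escaped_unquoted(SAMPLE_UNQUOTED)))  # ['title']
```

A check like injected_attributes() can run as a regression test against rendered templates, so a template that drops its attribute quotes or its encoding call fails the build.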
Related Vulnerabilities
Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3)
WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.4)
WordPress Plugin FG PrestaShop to WooCommerce Cross-Site Scripting (3.19.1)
WordPress Plugin Read Offline Cross-Site Scripting (0.9.17)
WordPress Plugin Genesis Simple Share Cross-Site Scripting (1.0.6)