html-injection-testinglisted

This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". It provides comprehensive HTML injection attack techniques and testing methodologies.
aiskillstore/marketplace · ★ 334 · Testing & QA · score 83

Install: claude install-skill aiskillstore/marketplace

# HTML Injection Testing ## Purpose Identify and exploit HTML injection vulnerabilities that allow attackers to inject malicious HTML content into web applications. This vulnerability enables attackers to modify page appearance, create phishing pages, and steal user credentials through injected forms. ## Prerequisites ### Required Tools - Web browser with developer tools - Burp Suite or OWASP ZAP - Tamper Data or similar proxy - cURL for testing payloads ### Required Knowledge - HTML fundamentals - HTTP request/response structure - Web application input handling - Difference between HTML injection and XSS ## Outputs and Deliverables 1. **Vulnerability Report** - Identified injection points 2. **Exploitation Proof** - Demonstrated content manipulation 3. **Impact Assessment** - Potential phishing and defacement risks 4. **Remediation Guidance** - Input validation recommendations ## Core Workflow ### Phase 1: Understanding HTML Injection HTML injection occurs when user input is reflected in web pages without proper sanitization: ```html  <div> Welcome, <?php echo $_GET['name']; ?> </div>  ?name=<h1>Injected Content</h1>  <div> Welcome, <h1>Injected Content</h1> </div> ``` Key differences from XSS: - HTML injection: Only HTML tags are rendered - XSS: JavaScript code is executed - HTML injection is often stepping stone to XSS Attack goals: - Modify website appearance (defacement) -