Content spoofing is an attack in which a malicious programmer presents a fake website to the user as a legitimate one, using text injection or HTML injection. When a web application does not properly handle user-supplied data (for example, input to a search field), an attacker can take advantage of this and inject additional parameters that go unnoticed by the user. The user then lands on a page that looks the same as the original web page. That page can ask the user to enter confidential information, which can cause serious harm if disclosed.
The two basic types of injection are HTML injection and text injection.
Example
Some sites also pass HTML content in URLs as parameters, usually for display inside a div tag. This creates a serious vulnerability.
www.testing.com/siteAdcontent?divMessage=<h1>Click Here!!</h1>
It is possible to modify it as −
www.testing.com/siteAdcontent?divMessage=<hack><h1>Do not Click!!</h1><hack>
Example
www.testing.com/loginAction?userName=abc&password=123
can be modified to
www.testing.com/loginAction?errorMessage=PasswordEmpty
This new URL can take users to a page that displays false content and may offend the user.
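The sketch below is an added example, not code from the original page. It shows how a server could handle the two parameters from the examples above so that neither injected HTML nor injected text reaches the user. The function names and the `ERROR_MESSAGES` table are hypothetical, and the sample URLs are constructed from the ones on this page with an `http://` scheme added.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Hypothetical table: the only error texts the application will ever display.
ERROR_MESSAGES = {
    "PasswordEmpty": "Please enter your password.",
    "LoginFailed": "User name or password is incorrect.",
}

# Constructed sample inputs, based on the URLs shown on this page.
SPOOFED_AD = ("http://www.testing.com/siteAdcontent"
              "?divMessage=<hack><h1>Do not Click!!</h1><hack>")
SPOOFED_ERROR = ("http://www.testing.com/loginAction"
                 "?errorMessage=Your+account+is+locked")


def _param(url, name):
    """Return the first value of a query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_ad_vulnerable(url):
    # Reflects divMessage into the page as markup: injected tags are rendered.
    return "<div>" + _param(url, "divMessage") + "</div>"


def render_ad_hardened(url):
    # HTML-encode the value so the browser shows it as text, never as tags.
    return "<div>" + html.escape(_param(url, "divMessage"), quote=True) + "</div>"


def render_login_error(url):
    # Treat errorMessage as a lookup key only. Unknown keys display nothing,
    # so a crafted link cannot put arbitrary wording on the login page.
    text = ERROR_MESSAGES.get(_param(url, "errorMessage"), "")
    return '<p class="error">' + html.escape(text) + "</p>" if text else ""


if __name__ == "__main__":
    print(render_ad_vulnerable(SPOOFED_AD))
    print(render_ad_hardened(SPOOFED_AD))
    print(repr(render_login_error(SPOOFED_ERROR)))
```

Output encoding addresses HTML injection but not text injection, because plain text is still reflected; the fixed lookup table is what prevents arbitrary wording from appearing.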