Content Spoofing

Content Spoofing is the term used to define the type of attack by malicious programmers in which they present a fake website as a legitimate one to the user by text injection or html injection. When a web application does not properly handle the data supplied by the user using search etc. then the attacker can take advantage of such a situation and inject additional parameters that go unnoticed by the user. This leads to landing on another web page that looks the same as the original webpage. That page can ask the user to input information which is confidential and lead to serious harm if released.

Two basic types of injections are

Html Injection
Text Injection

Html Injection

The attacker finds the vulnerable web application.
The attacker sends the modified URL to the user by any means, usually via email. This URL has text injected.
By clicking on the URL user is navigated to the attackers webpage, looks like legitimate one.
User asked the information like username, password, card pins etc.
This information gets transferred to the attackers server.

Example

Some sites pass the html content too in the urls as parameters, usually inside a div tag.This causes a great vulnerability.

www.testing.com/siteAdcontent?divMessage=<h1>Click Here!!</h1> It is possible to modify it as −

www.testing.com/siteAdcontent?divMessage=<hack><h1>Do not Click!!</h1><hack>

Text Injection

The attacker finds the vulnerable web application.
The attacker modifies the values of the parameters passed in the URL.
The malformed page request link is sent to the attackers server.
A valid web page now shows the false information according to the parameters.
Happens when the message is passed via request parameters.

Example

www.testing.com/loginAction?userName=abc&password=123 Can be appended as

www.testing.com/loginAction?errorMessage=PasswordEmpty This new url can take users to a page which displays false content and may offend the user.

Sunidhi Bansal

Published on 04-Aug-2020 13:36:20

Previous Page Print Page