# Introduction
: bWAPP → Medium → HTML Injection - Reflected (GET)
# Training
: At this level, all of the input values that worked at the previous levels are output as plain text, as shown below.

[Image: the input value is the same as at the low level]

[Image: the input value is the same as at the medium level]
I checked the source code in the same way as at the medium level. First, I looked at the source code of htmli_get.php, where I found that the xss_check_3 function is used at the high level.

Next, in functions_external.php, I could see what this function does.

I found that the input value is passed through the htmlspecialchars function. This is a basic function provided by PHP: it converts the special characters that have meaning in HTML (such as `<`, `>`, `&` and quotes) into their HTML entity equivalents, treating the input as UTF-8 by default.
So, if you want to prevent HTML injection, you can use this function so that the characters used in HTML tags are rendered as text instead of being interpreted as markup.
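To make the difference concrete, here is a small added example (my own code, not bWAPP's htmli_get.php or its xss_check_3 function) that reflects a GET parameter once without any filtering and once through an htmlspecialchars wrapper. The parameter name `firstname`, the query string and the payload are constructed for the demo; run it from the command line with `php reflect_demo.php`.

```php
<?php
// Added example, not bWAPP's own code. Shows why reflecting a GET value
// as-is allows HTML injection and how htmlspecialchars() neutralises it.

// Unsafe reflection: the raw value becomes part of the page markup, so any
// tag inside it is parsed by the browser (the "low level" behaviour).
function reflect_unsafe(string $value): string
{
    return "Welcome " . $value;
}

// Escaping wrapper in the spirit of the check function described in the post.
// htmlspecialchars() rewrites & < > " ' as entities so the browser displays
// them as text. ENT_QUOTES also covers single quotes (important when the value
// lands inside an attribute); ENT_SUBSTITUTE keeps malformed UTF-8 from
// silently turning the whole output into an empty string.
function html_escape(string $data, string $encoding = 'UTF-8'): string
{
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}

// Safe reflection: same output shape, but the value is escaped first.
function reflect_safe(string $value): string
{
    return "Welcome " . html_escape($value);
}

// Constructed query string standing in for the real request's $_GET data.
// parse_str() URL-decodes it the same way PHP fills $_GET.
$query = 'firstname=%3Cscript%3Ealert(1)%3C%2Fscript%3E&lastname=Tester';
parse_str($query, $params);
$firstname = $params['firstname'] ?? '';

echo "Decoded input : " . $firstname . PHP_EOL;
echo "Unsafe output : " . reflect_unsafe($firstname) . PHP_EOL;
echo "Escaped output: " . reflect_safe($firstname) . PHP_EOL;
```

In the unsafe output the `<script>` tag survives verbatim and would execute in a browser; in the escaped output it arrives as `&lt;script&gt;` and is shown literally. Escaping must happen at the point where the value is written into HTML, and the right flags depend on where it lands: `ENT_QUOTES` is the safe default whenever the value might end up inside an attribute.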
# Comments
Hey bro, can you give me a query to bypass this challenge?

%3Cscript%3Ealert(%22Sacheen%22)%3C%2Fscript%3E

How did you find out that source code?

Please suggest the way by which you found that PHP source code.