INTRODUCTION TO WEB APPLICATIONS

If you wanted to inject a malicious link to “www.malicious.com”, and have the clickable text read ‘Click Me’, how would you do that?

On this question asking to perform a html injection i have tried multiple approaches but i don’t know what format i’m supposed to awnser the question. also i’m really unsure of what some of the questions in the module want. in the first question i’m very sure the awnser is but it refuses to accept it and the page is just left loading and i cant click the submit button. Any help would be greatly appreciated.

I dont think there is a one-size fits all answer to that. It really does depend on the application.

I haven’t looked at this lab in the academy so I dont know what it is asking for, but generally the academy modules build on each other, so there should be something mentioned previously which covers this.

Snap ref the submit button. The page has to be refreshed and putting in random text can be submitted howevever it refuses to process my JS even if its blatantly the wrong answer. Tried quotes etc also. Tested in burp and what i have does work.

Type your comment> @ByteM3 said:

Snap ref the submit button. The page has to be refreshed and putting in random text can be submitted howevever it refuses to process my JS even if its blatantly the wrong answer. Tried quotes etc also. Tested in burp and what i have does work.

Update. Dont try and over compliate it using JS. Basic HTML is accepted.

Hi Hackers! I am stuck in INTRODUCTION TO WEB APPLICATIONS/HTML INJECTION the payload works but in the answer it does not accept the HTML coding. Is there anyone who can help me?

Someone knows the answer?

You need to substitute the HTML a> /a> link tag, specify www.malicious.com and attach this link to the Click Me tag. You can find out more by reading about a> tags

Or if you are too lazy to look, then the solution:
a> href=“www.malicious.com”> Click Me /a>
But I recommend that you familiarize yourself with html link tags

I tried ‘<‘a href=“http://www.malicious.com”>Click Me</a’>’ without success

same problem, I found the solution in target system but i cannot asnwer… The system dont’ accept the answer I use:
“solution”
‘solution’

@Elluminator said:
You need to substitute the HTML a> /a> link tag, specify www.malicious.com and attach this link to the Click Me tag. You can find out more by reading about a> tags

Or if you are too lazy to look, then the solution:
a> href=“www.malicious.com”> Click Me /a>
But I recommend that you familiarize yourself with html link tags

this solution don’t work to answer…

Same problem with next answer, I tried also:
#">
"

//

Hi all, regarding the same module, I’m stuck at the section “Sensitive Data Exposure”.

  • Question: “Check the above login form for exposed passwords.”.
  • Hint: “Use ctrl+u to show source in Firefox, or right click > View Page Source”.

My problem: The only login form in the page is the image of the example. I can’t find anything. Am I missing something?

@Alinachan said:

Hi all, regarding the same module, I’m stuck at the section “Sensitive Data Exposure”.

  • Question: “Check the above login form for exposed passwords.”.
  • Hint: “Use ctrl+u to show source in Firefox, or right click > View Page Source”.

My problem: The only login form in the page is the image of the example. I can’t find anything. Am I missing something?

You went through the lesson too fast. It tells you to look closely at the comments. I can’t say any more, but I hope this helps.

@DanielRossi said:

I tried ‘<‘a href=“http://www.malicious.com”>Click Me</a’>’ without success

All I can say is rewrite the link.

Same issue here. Is anyone able to answer this question?

I’m trouble. The link redirects to a page with “Not” Found" warning

I manage to solve. Thanks, guys

managed*

the question: If you wanted to inject a malicious link to “www.malicious.com”, and have the clickable text read ‘Click Me’, how would you do that?

Hey cam i get a hint on how to the answer should be formatted i mean i tried the <a… tags with multiple formats but nothing

with no spolired read the question, you are on the right way but keep attention on the ‘’ see how <a tag is formatted on the internet and remember that is’t a string :slight_smile:

Type your comment> @Soupe said:

@Alinachan said:

Hi all, regarding the same module, I’m stuck at the section “Sensitive Data Exposure”.

  • Question: “Check the above login form for exposed passwords.”.
  • Hint: “Use ctrl+u to show source in Firefox, or right click > View Page Source”.

My problem: The only login form in the page is the image of the example. I can’t find anything. Am I missing something?

You went through the lesson too fast. It tells you to look closely at the comments. I can’t say any more, but I hope this helps.

i didn’t find any login form in this page…

For those who have not cracked this one, its in the finer details have you tried it with https:// and without?

Have you tried it with a space before Click Me and a space after.