Text-Based Injection Attack | Content Spoofing | Web Vulnerability

WEBSITE VULNERABILITY

TEXT INJECTION : Content spoofing attack also known as “content text injection” , “arbitary text injection” or “Virtual defacement” is an attack used by the attackers to modify the website to and that can lead the user to a very intense attack like phishing, And also this a client side attack and its severity is low but it can be lead to attack like xss (cross site scripting) content spoofing attack would be to present false information to a user via text manipulation commonly scammers were use this vulnerability.

Text injection can be easily found if:

1. User input via parameter or directly in the URL is reflected in the page response.
2. Content-Type: text/plain.
3. Application is giving default error pages.

EASY STEPS FOR TEXT INJECTION EXPLOITATION

1. An attacker identifies a web application that gives recommendations to its users on whether they should buy or sell a particular stock
2. The attacker identifies a vulnerable parameter
3. The attacker crafts a malicious link by slightly modifying a valid request
4. The link containing the modified request is sent to a user and they clicks the link
5. A valid webpage is created using the attackers malicious recommendation and the user believes the recommendation was from the stock website.

Attack scenario

url : http://www.iffcokandla.in/data/polopoly_fs/1.2503303.1438121378!/fileserver/file/515806/filename/image.png

How to do it ?

simply edit the error page url like this.

edited url : http://www.iffcokandla.in/data/polopoly_fs/1.2503303.1438121378!/fileserver/file/515806/filename/image.png/%20please%20visit%20%22evil.com%22%20beacuse%20the%20link%20

now its look like this.

Impact

1. An attacker identifies a web application that gives recommendations to its users on whether they should buy or sell a particular stock
2. The attacker identifies a vulnerable parameter
3. The attacker crafts a malicious link by slightly modifying a valid request
4. The link containing the modified request is sent to a user and they clicks the link
5. A valid webpage is created using the attackers malicious recommendation and the user believes the recommendation was from the stock website.

How to prevent

1. Avoid use of displaying messages via request parameters, instead use temporary sessions.
2. Validate the data which are reflecting via request parameter.
3. Avoid passing HTML data through request parameter, if you really need it, use proper encoding before passing.

REFERED FROM

1. https://owasp.org/www-community/attacks/Content_Spoofing
2. https://www.geeksforgeeks.org/content-spoofing/
3. https://medium.com/@deepmarketer/text-based-injection-content-spoofing-96e9eb1615d8

Thank you for reading….! Happy Hacking..!