Text-Based Injection Attack | Content Spoofing | Web Vulnerability
TEXT INJECTION : Content spoofing attack also known as “content text injection” , “arbitary text injection” or “Virtual defacement” is an attack used by the attackers to modify the website to and that can lead the user to a very intense attack like phishing, And also this a client side attack and its severity is low but it can be lead to attack like xss (cross site scripting) content spoofing attack would be to present false information to a user via text manipulation commonly scammers were use this vulnerability.
Text injection can be easily found if:
- User input via parameter or directly in the URL is reflected in the page response.
- Content-Type: text/plain.
- Application is giving default error pages.
EASY STEPS FOR TEXT INJECTION EXPLOITATION
- An attacker identifies a web application that gives recommendations to its users on whether they should buy or sell a particular stock
- The attacker identifies a vulnerable parameter
- The attacker crafts a malicious link by slightly modifying a valid request
- The link containing the modified request is sent to a user and they clicks the link
- A valid webpage is created using the attackers malicious recommendation and the user believes the recommendation was from the stock website.
Attack scenario
url : http://www.iffcokandla.in/data/polopoly_fs/1.2503303.1438121378!/fileserver/file/515806/filename/image.png
How to do it ?
simply edit the error page url like this.
now its look like this.
Impact
- An attacker identifies a web application that gives recommendations to its users on whether they should buy or sell a particular stock
- The attacker identifies a vulnerable parameter
- The attacker crafts a malicious link by slightly modifying a valid request
- The link containing the modified request is sent to a user and they clicks the link
- A valid webpage is created using the attackers malicious recommendation and the user believes the recommendation was from the stock website.
How to prevent
- Avoid use of displaying messages via request parameters, instead use temporary sessions.
- Validate the data which are reflecting via request parameter.
- Avoid passing HTML data through request parameter, if you really need it, use proper encoding before passing.
REFERED FROM
- https://owasp.org/www-community/attacks/Content_Spoofing
- https://www.geeksforgeeks.org/content-spoofing/
- https://medium.com/@deepmarketer/text-based-injection-content-spoofing-96e9eb1615d8
Thank you for reading….! Happy Hacking..!