Description
HTML Attribute Injection is an attack that is conceptually similar to Cross-site Scripting (XSS), andclosely related to HTML Injection. Acunetix was able to inject a new attribute into an existing HTML tag, but unable to inject arbitrary HTML or JavaScript code. When an application does not properly handle user supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own attributes and possibly attribute values, thereby altering the behavior of the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user's trust.
Remediation
The web application should filter metacharacters from user input, and apply context-sensitive encoding when reflecting user input.
References
Testing for HTML Injection (OTG-CLIENT-003)
CERT advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests
Related Vulnerabilities
WordPress Plugin Chunks Cross-Site Scripting (1.1)
WordPress Plugin PhotoXhibit Multiple Cross-Site Scripting Vulnerabilities (2.1.8)
WordPress Plugin Multilanguage by BestWebSoft Cross-Site Scripting (1.2.1)
WordPress plugin WPtouch insecure nonce generation
WordPress Plugin Testimonial Slider Cross-Site Scripting (1.2.1)