in the database and inject script tags to execute arbitrary JavaScript code. The code can for example steal session tokens and obtain higher privileges in the same manner as XSS did. Another source of XSS vulnerabilities on Kirby are the comments on the site. Comments are displayed by default on every page, and can be turned off by setting the appropriate variable. The danger with comments is that hackers can inject malicious code into them. There are two ways to do this. The first one is to send the comment through a form. The second one is to send an email through the site. In both cases, the hacker can execute any script he wants on the server and thereby gain access to the site's files.

HTML Injection - HTML Injections are one of the most common forms of XSS

HTML injection vulnerabilities are one of the most common forms of XSS. This is because XSS can be injected into any kind of markup, and HTML content is more likely to be found by hackers. It’s important to note that the manipulation doesn’t have to happen on a page. It could also occur in a comment or in a form. In these cases, it would be displayed in the browser and then executed on the server.

HTML Injection in Forms

HTML injection in forms is a common form of XSS attack. In these cases, the hacker tricks the individual into visiting a malicious site. The attacker then creates an HTML form with malicious JavaScript code within it and sends it to the victim via email or any other means.
The most important part of this particular type of attack is that the user can't tell just by looking at the code what's going on. This makes detection more difficult for any protection system that relies on looking at HTML source code. When the victim clicks on the form, they will be taken to a new page which has loaded from an external source, not from Kirby itself.


Published on: 08/29/2022 18:15:00 UTC
Last modified on: 09/07/2022 20:37:00 UTC