In this article, we will discuss what Content Spoofing is, how it affects your website and business, and how to prevent it.
Content Spoofing, or Content Injection, is a common website attack that targets a specific user or group of users through a vulnerability in a web application. It happens when the web application does not properly handle data supplied by the end user. The attacker injects text or HTML content into the website, mostly through parameters, and the supplied data is reflected back on the webpage. This type of attack is mostly done to affect a website's SEO, or by competitors to defame a business.
There are two types of attack possible:
1. Text Injection
2. HTML Injection
Text Injection is a type of Content Spoofing attack in which the attacker injects text data into the website and changes the content of the website. In some cases, the attacker might pass data via request parameters and create a malicious link to a trusted website.
For example, many websites have a login page where the error message is displayed from a query parameter.
Now the attacker changes this error message like below and sends the link to other users, asking them to log in on another website, and may get the users' login credentials.
HTML Injection is the same as Text Injection, except that in this type of attack HTML content is injected into the webpage. In the above example, the attacker may push HTML code into the website and get the user's login data.
Here are a few measures you can take to stop Content Spoofing:
1. Avoid displaying messages via request parameters; use temporary sessions instead.
2. Validate the data that is reflected via request parameters.
3. Avoid passing HTML data through request parameters. If you really need to, use proper encoding before passing it.
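
The three measures applied to the login error message from the earlier example, as an added illustration in Python rather than code from this article. The `error` parameter name, the message codes, the `shop.example` and `other.example` URLs, and the dict-based session are assumptions made for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Fixed messages keyed by short codes (codes and wording are assumptions).
LOGIN_MESSAGES = {
    "bad_credentials": "Incorrect username or password.",
    "session_expired": "Your session has expired. Please log in again.",
}
DEFAULT_MESSAGE = "Login failed."

# Constructed sample links to a hypothetical login page.
TEXT_URL = "https://shop.example/login?error=Login+has+moved,+sign+in+at+other.example"
HTML_URL = ("https://shop.example/login?error="
            "%3Ca%20href%3D%22https%3A%2F%2Fother.example%2F%22%3ESign%20in%20here%3C%2Fa%3E")

def error_param(url):
    values = parse_qs(urlsplit(url).query).get("error", [])
    return values[0] if values else ""

def render_reflected(url):
    # Vulnerable pattern: the parameter value is echoed into the page as-is.
    return '<p class="error">' + error_param(url) + "</p>"

def render_encoded(url):
    # Encoding only: injected HTML becomes inert, injected text still shows.
    return '<p class="error">' + html.escape(error_param(url)) + "</p>"

def render_validated(url):
    # Validation plus encoding: only known codes select a message.
    code = error_param(url)
    if not code:
        return ""
    message = LOGIN_MESSAGES.get(code, DEFAULT_MESSAGE)
    return '<p class="error">' + html.escape(message) + "</p>"

def flash_error(session, code):
    # Temporary session: the server stores the code, nothing goes in the URL.
    session["flash_error"] = code

def pop_flash(session):
    # Read once and delete, so the message is shown on the next page only.
    code = session.pop("flash_error", "")
    return LOGIN_MESSAGES.get(code, DEFAULT_MESSAGE) if code else ""

if __name__ == "__main__":
    for url in (TEXT_URL, HTML_URL):
        print(render_reflected(url), render_encoded(url), render_validated(url), sep="\n")
```

Encoding alone stops HTML Injection but not Text Injection, which is why the validated version never outputs the parameter value itself.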