In this article, we will discuss what Content Spoofing is, how it affects your website and business, and how to prevent it.
Content Spoofing, or Content Injection, is a common website attack that targets a specific user or group of users through a vulnerability in a web application. It happens when the web application does not properly handle data supplied by the end user. The attacker injects text or HTML content into the website, mostly through parameters, and the supplied data is reflected back on the webpage. This type of attack is mostly done to affect a website's SEO or to defame a business by its competitors.
Content Spoofing is closely similar to Cross-site Scripting (XSS), except that XSS uses JavaScript code to run a script in the webpage, while Content Spoofing is about changing webpage content.
There are two types of attack possible:
1. Text Injection
2. HTML Injection
Text Injection is a type of Content Spoofing attack where the attacker injects text data into the website and changes its content. For example, in some cases the attacker might pass data via request parameters and create a malicious link to a trusted website.
For example, a common website has a login page where the error message is displayed from a query parameter.
The attacker can then change this error message, send the link to other users asking them to log in on another website, and may get login credentials from those users.
HTML Injection is the same as Text Injection, but in this type of attack HTML content is injected into the webpage. In the above example, the attacker may push HTML code into the website and get user login data.
Here are a few measures you can take to stop Content Spoofing:
1. Avoid displaying messages via request parameters; use temporary sessions instead.
2. Validate any data that is reflected from a request parameter.
3. Avoid passing HTML data through request parameters; if you really need it, use proper encoding before passing it.
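The following Python sketch is an added example, not code from the original article: it renders a login page's error message by reflecting the `error` query parameter, next to two versions that apply measures 2 and 3. The function names, message codes and sample query strings are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

# Fixed server-side messages; the URL carries only a short code (hypothetical names).
MESSAGES = {
    "bad_credentials": "Invalid username or password.",
    "locked": "Your account is locked. Contact support.",
}
DEFAULT_MESSAGE = "Login failed."


def _error_param(query_string: str) -> str:
    """Return the first 'error' value from the query string, or '' if absent."""
    return parse_qs(query_string).get("error", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Reflects the raw parameter: open to both text and HTML injection."""
    return f'<p class="error">{_error_param(query_string)}</p>'


def render_encoded(query_string: str) -> str:
    """Measure 3: HTML-encode reflected data. Blocks markup, but the
    visitor-supplied wording still appears on the trusted page."""
    return f'<p class="error">{html.escape(_error_param(query_string))}</p>'


def render_allowlist(query_string: str) -> str:
    """Measure 2: accept only known codes, so request text never reaches the page."""
    code = _error_param(query_string)
    if not code:
        return ""  # no error to show
    message = MESSAGES.get(code, DEFAULT_MESSAGE)
    return f'<p class="error">{html.escape(message)}</p>'


# Constructed sample query strings (not taken from the article).
SPOOFED_TEXT = "error=Login+has+moved.+Please+sign+in+at+login.example.test"
SPOOFED_HTML = "error=%3Ch1%3ESite+closed%3C%2Fh1%3E"

if __name__ == "__main__":
    for qs in ("error=bad_credentials", SPOOFED_TEXT, SPOOFED_HTML):
        print("vulnerable:", render_vulnerable(qs))
        print("encoded:   ", render_encoded(qs))
        print("allowlist: ", render_allowlist(qs))
```

Encoding alone leaves the spoofed sentence visible as plain text, which is why the allowlist version keeps the message wording on the server.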
Hi, my name is Harsukh Makwana. I have been working with many programming languages like PHP, Python, JavaScript, Node, React, Angular, etc. for the last 5 years. If you have any issue or want to hire me, then contact me at [email protected]