HTML and CSS Injection :

Today i will talk about HTML and CSS injection. Any web application design by HTML, CSS and JavaScript, those are  executed in client server. So if any attacker try with execute html or CSS or JavaScript code using URL parameter or input field and if successfully execute in client server via remote server. So this web application is vulnerable.

Now i will Demonstrate with PureVPN Official Website, That contain have HTML and CSS Injection. So Lets Start




1st Step :  Go to the
PureVPN Vulnerable website url

2nd Step : Now i am going to find out URL parameter and set my plain text and hit my enter button.



Now we can see the value that content i was set into URL parameter. So Now we can see plain text so we can call it text injection. Ok now we can try with execute html code into this URL Parameter if it will execute this application is vulnerable. So now the HTML code is also executed




Now I am going try with CSS code it will also execute in this URL.




Video  POC



HTML and CSS Injection POC for PureVPN