# How I Earned €150 in 2 Minutes | HTML injection in email

**Published by:** [Rogger](https://paragraph.com/@roggerlzh/)
**Published on:** 2022-10-15
**URL:** https://paragraph.com/@roggerlzh/how-i-earned-150-in-2-minutes-html-injection-in-email

## Content

### Introduction

Hello all, hope you’re OK. Our journey today is about how I found HTML injection in email in a bug bounty program in just a few minutes with a cool technique. Let’s begin and call our target example.com.

### What is HTML Injection?

1. HTML Injection is also known as Cross Site Scripting. It is a security vulnerability that allows an attacker to inject HTML code into web pages that are viewed by other users.
2. HTML injection is a vulnerability where an application accepts user input and then embeds the input into HTML. A malicious user can inject HTML through the user input so that their malicious HTML is embedded into the overall HTML generated by the application.

### Steps to Reproduce

1. Navigate to https://www.example.com
2. I can see a feedback pop-up on this website.

   Fig 1) **Feedback pop-up on this website**

3. Fill in the form, enter the HTML payload in the feedback column, and enter the victim's email. Click on the ‘send’ button.

   Payload:

4. Check the email inbox; the HTML tag will be executed.

And Boom !!

Fig 2) Triggered a payload in the victim's email

### Serious Vulnerability

- Abusing other users
- Defacing
- Phishing

### Impact

HTML injection, phishing attacks.

This vulnerability can lead to the reformatting/editing of emails from an official "Target official" email address, which can be used in targeted phishing attacks. This could lead to users being tricked into giving logins away to malicious attackers.

With this type of vulnerability, the chances of an attacker sending 18+ images are very high. Misconceptions about a company’s name can have an impact on people.

### Resolutions

Sanitizing and validating inputs is usually the first layer of defense.
Sanitizing consists of removing any unsafe characters from user inputs, and validating checks whether the data is in the expected format and type.

I hope it will help you in your bug hunting !! Thanks for Reading !!

./Keep_Hacking
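One way to apply the resolution above to a feedback form whose text is copied into an email, given here as an added example that is not part of the original post or the affected site's code. It validates both inputs and then uses HTML output encoding (`html.escape`) rather than character removal, so any tags arrive as visible text; the sender address, length limit, address pattern and function names are assumptions made for this example.

```python
import html
import re
from email.message import EmailMessage

# Assumed policy for this example: conservative address shape, bounded length.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
MAX_FEEDBACK_CHARS = 2000


def validate_feedback(recipient: str, feedback: str) -> None:
    """Validation: reject input that is not in the expected format and type."""
    # fullmatch() also rejects trailing newlines, which '$' would let through.
    if not ADDRESS_RE.fullmatch(recipient):
        raise ValueError("recipient is not a plain email address")
    if not feedback.strip() or len(feedback) > MAX_FEEDBACK_CHARS:
        raise ValueError("feedback is empty or too long")
    if any(ord(c) < 32 and c not in "\r\n\t" for c in feedback):
        raise ValueError("feedback contains control characters")


def build_feedback_email(recipient: str, feedback: str) -> EmailMessage:
    """Build the notification with user text encoded, never parsed as markup."""
    validate_feedback(recipient, feedback)
    msg = EmailMessage()
    msg["From"] = "noreply@example.com"  # hypothetical sender address
    msg["To"] = recipient
    msg["Subject"] = "We received your feedback"
    # Plain-text part: no markup is interpreted here at all.
    msg.set_content("Your feedback:\n\n" + feedback)
    # HTML part: escape &, <, > and quotes so tags show up as literal text.
    safe = html.escape(feedback, quote=True).replace("\n", "<br>")
    msg.add_alternative(
        "<html><body><p>Your feedback:</p><p>" + safe + "</p></body></html>",
        subtype="html",
    )
    return msg


def html_part(msg: EmailMessage) -> str:
    """Return the decoded HTML body of the message."""
    return msg.get_body(preferencelist=("html",)).get_content()


if __name__ == "__main__":
    sample = "<h1>injected heading</h1>"  # constructed sample input
    print(html_part(build_feedback_email("user@example.com", sample)))
```
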