Text injection via invalid URLs
Injecting malicious content into a web URL to mislead users.
Security Misconfiguration (SM)
How this template works
APIs Selection
The template uses API selection filters to extract a specific value from the URL. In this case, it extracts the value of the "url" parameter and assigns it to the variable "urlVar".
Execute request
The template performs a single request using the modified URL. It modifies the URL by appending a message and a fake website URL. The modified URL is then used to make the request.
Validation
The template validates the response received from the request. It checks if the response payload contains a specific message indicating that the URL has been changed to a fake website. It also checks if the response headers contain the "Content-Type" header with a value indicating that the response is in HTML format.
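The execute and validate steps above, as an added Python example run against three constructed error handlers (this is not Akto's template or code from the page). The handler names, the marker text and the sample path are assumptions made for illustration. It also shows that HTML-escaping the reflected path does not stop plain text injection.

```python
import html
from urllib.parse import quote, unquote

# Constructed marker: the page does not give the template's actual message text.
MARKER = "This page has moved to http://fake-site.example"
HTML_TYPE = {"Content-Type": "text/html; charset=utf-8"}

def probe_path(base_path, marker=MARKER):
    """Execute step: append the message and fake site URL to the request path."""
    return base_path.rstrip("/") + "/" + quote(marker, safe="")

def vulnerable_not_found(path):
    """Hypothetical 'before' handler: echoes the decoded path into an HTML page."""
    body = f"<html><body>The requested URL {unquote(path)} was not found.</body></html>"
    return 404, HTML_TYPE, body

def escaped_not_found(path):
    """Hypothetical handler that HTML-escapes the path: this blocks markup,
    but the injected sentence contains no markup and is reflected unchanged."""
    shown = html.escape(unquote(path))
    body = f"<html><body>The requested URL {shown} was not found.</body></html>"
    return 404, HTML_TYPE, body

def hardened_not_found(path):
    """Hypothetical 'after' handler: fixed message, nothing from the request
    is reflected, and the response is not served as HTML."""
    return 404, {"Content-Type": "text/plain; charset=utf-8"}, "Not found."

def is_flagged(response, marker=MARKER):
    """Validation step: the payload contains the injected message AND the
    Content-Type header indicates an HTML response."""
    _status, headers, body = response
    content_type = headers.get("Content-Type", "").lower()
    return marker in body and "text/html" in content_type

if __name__ == "__main__":
    path = probe_path("/api/items")  # constructed sample endpoint
    for handler in (vulnerable_not_found, escaped_not_found, hardened_not_found):
        print(f"{handler.__name__}: flagged={is_flagged(handler(path))}")
```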