Commit e1ae1075 authored by Philip Linghammar

Updates html-injection.md

Auto commit by GitBook Editor
parent 7a7b2c32
+5 −4
@@ -53,15 +53,16 @@
    * [Attacking the User](attacking_the_user.md)
      * [Clickjacking](clickjacking.md)
      * [Broken Authentication or Session Management](broken_authentication_or_session_management.md)
      * [Text\/content-injection](text-injection.md)
      * [Text/content-injection](text-injection.md)
      * [HTML-Injection](html-injection.md)
      * [Insecure Direct Object Reference \(IDOR\)](insecure-direct-object-reference-idor.md)
      * [Subdomain Takeover](subdomain_takeover.md)
      * [Cross Site Request Forgery](cross_site_request_forgery.md)
      * [Cross-site-scripting](cross-site-scripting.md)
      * [Cross-Site Scripting](cross-site-scripting.md)
        * [Examples](examplesXSS.md)
        * [DOM-based XSS](dom-based-xss.md)
      * [Browser Vulnerabilities](browser_vulnerabilities.md)
      * [Java Applet](java_applet.md)
      * [Insecure Direct Object Reference \(IDOR\)](insecure-direct-object-reference-idor.md)
      * HTML-Injection
  * [Automated Vulnerability Scanners](automated_vulnerability_scanners.md)
* [Exploiting](exploiting.md)
  * [Social Engineering - Phishing](social_engineering_-_phishing.md)
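
Review bot: the HTML-Injection entry shows up twice in this hunk, once as `[HTML-Injection](html-injection.md)` directly under Text/content-injection and once as the unlinked `* HTML-Injection` after Java Applet, and the `Insecure Direct Object Reference \(IDOR\)` entry likewise appears in both places. The +/- markers are not visible in this rendering, so please confirm the resulting summary keeps exactly one of each (the linked ones near the top of the "Attacking the User" list) and that no unlinked or duplicate entry survives in the table of contents. Minor: the slash in `Text/content-injection` is now unescaped while the parentheses in the IDOR title remain escaped, which is fine for Markdown but worth keeping consistent if the GitBook editor rewrites it again.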

html-injection.md

0 → 100644
+25 −0
## HTML-Injection

This attack is really similar to to Cross-Site Scripting attacks. 

What we can do:

* Create a fake login-page, that tricks the user to log in again, but the post-is sent to a server that the attacker controls. And can thereby steal the credentials of the user.
* Inject javacript.

### Injecting Javascript

Javascript can be injected into html-tags, which can be used to steal cookies and other things.







### Injecting HTML

The attacker can inject html forms that tricks the user into giving up sensitive data.
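
Review bot: the "### Injecting Javascript" section stops after a single sentence and is followed by a run of empty lines, so it reads as an unfinished placeholder; either fill it in or drop the blank lines before merging. A few wording fixes in the same file: "really similar to to Cross-Site Scripting" has a doubled "to", "Inject javacript" should be "Inject JavaScript", and the first bullet's "but the post-is sent to a server that the attacker controls. And can thereby steal" would read better as one sentence ("but the POST is sent to a server the attacker controls, which lets the attacker steal the user's credentials"). Since the page opens by saying this is similar to Cross-Site Scripting, it would also help to state in one sentence how the two differ, and to add a short section on how a defender prevents it (output encoding of user-supplied values before they are placed in HTML), because the page currently lists only what an attacker can do.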