Here is an example of a reflected HTML injection (GET)
Let's assume there is a website that allows users to search for products based on their name. The website has a search box where users can enter the name of the product they are looking for, and the website will display a list of products that match the search criteria.
Now, let's say an attacker wants to inject HTML code into the search box so that the browser renders and executes it when the website displays the search results. The attacker can do this by entering the following code into the search box:
```
<script>alert('You have been hacked!')</script>
```
When the user submits the search query, the website retrieves the search term from the query string and displays it on the results page. However, because the attacker has injected a malicious script into the search term, the script will be executed by the browser when the search results are displayed, resulting in an alert box that says "You have been hacked!".
This type of attack can be used to steal user credentials, redirect users to a phishing site, or perform other malicious actions on the user's behalf. To prevent HTML injection attacks, it is important to sanitize and validate user input before displaying it on a webpage. Web developers can use techniques such as input validation, output encoding, and HTTP response headers to prevent such attacks.
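The search page described above, written once without and once with the defences listed, as an added example that is not code from the original post. The function names, the `q` parameter, the `shop.example` host, the 100-character limit and the CSP policy value are assumptions chosen for illustration.

```javascript
// Added example: the search-results page from the text, vulnerable and hardened.
// All names, the "q" parameter and the sample URL are assumptions.

// Output encoding: replace the five characters that are significant in
// HTML text and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the search term from the GET query string (URL-decoded by the parser).
function searchTerm(requestUrl) {
  return new URL(requestUrl, 'http://shop.example').searchParams.get('q') || '';
}

// Vulnerable: the term is concatenated into the markup unchanged, so any
// tags it contains become part of the page.
function renderVulnerable(requestUrl) {
  return `<h1>Results for ${searchTerm(requestUrl)}</h1>`;
}

// Hardened: bound the input length, encode on output, and send a
// Content-Security-Policy header as a second layer if encoding is ever missed.
function renderHardened(requestUrl) {
  const term = searchTerm(requestUrl).slice(0, 100);
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    },
    body: `<h1>Results for ${escapeHtml(term)}</h1>`,
  };
}

// Constructed request carrying the search term shown earlier, URL-encoded.
const sampleUrl = '/search?q=' +
  encodeURIComponent("<script>alert('You have been hacked!')</script>");

console.log(renderVulnerable(sampleUrl)); // markup contains a live <script> element
console.log(renderHardened(sampleUrl).body); // same text, shown as inert characters
```

The hardened version still displays the search term to the user exactly as typed; only its interpretation by the browser changes.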