This article has been indexed from Softpedia News / Security
Menlo Security evaluated HTML Smuggling or ISOMorph attacks, revealing that it can transmit malicious files to users while avoiding network security technologies, such as antiquated proxies and sandboxes.
The new method entails that threat actors are overcoming security measures to inject dangerous payloads directly into their victims’ web browser. HTML Smuggling is a sophisticated technique that uses JavaScript to create the malicious payload on the HTML page instead of sending an HTTP request to obtain a web server resource.
The technique is not a vulnerability or a design flaw in browser technology, but rather a tool web developers routinely use to optimize file downloads. ISOMorph attackers use JavaScript code to create the payload directly in the browser. Essentially, the JavaScript code creates an element “a”, sets the HREF …
Read the original article: HTML Smuggling is a New Threat Targetting Browsers