# How Websites Work ![](/files/-McGveuk5OqBbBJDdZy3) ## How websites work When you visit a website, your browser (like Safari or Google Chrome) makes a request to a web server asking for information about the page you're visiting. It will respond with data that your browser uses to show you the page; a web server is just a dedicated computer somewhere else in the world that handles your requests. ![](/files/-McGwJoMwY4q60BSpkKa) There are two major components that make up a website: * Front End (Client-Side): The way your browser renders a website * Back End (Server-Side): A server that processes your request and returns a response ## HTML Websites are primarily created using: * HTML: To build websites and define their structure. * CSS: To make websites look pretty adding styling options * JavaScript: Implement complex features on pages using interactivity **H**yper**T**ext **M**arkup **L**anguage (HTML) is the language websites are written in. Elements (also known as tags) are the building blocks of HTML pages and tells browser how to display content. ![](/files/-McGxn8-sF0rTjvZgzlc) ![](/files/-McGy91ndBw5tnGcPzzY) ![](/files/-McGylX9EaBwylqQTval) ## JavaScript JavaScript (JS) is one of the most popular coding languages in the world and allows pages to become interactive. JavaScript is used to control the functionality of web pages - without JavaScript, a page would not have interactive elements and would always be static. ![](/files/-McGzfOsqTQj20qjglLc) ## Sensitive Data Exposure Sensitive Data Exposure occurs when a website doesn't properly protect (or remove) sensitive clear-text information to the end-user; usually found in a site's frontend source code. We now know that websites are built using many HTML elements (tags), all of which we can see simply by "viewing the page source". A website developer may have forgotten to remove login credentials, hidden links to private parts of the website or other sensitive data shown in HTML or JavaScript. ![](/files/-McH03ehI5-qmyAcfegd) ## HTML Injection HTML Injection is a vulnerability that occurs when unfiltered user input is displayed on the page. If a website fails to sanitize user input (filter any "malicious" text that a user inputs into a website), and that input is used on the page, an attacker can inject HTML code into a vulnerable website. Database injection is where you can manipulate a database lookup query to log in as another user by controlling the input that's directly used in the query. ![](/files/-McH147ehVkTWobZcGcM) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://writeups.adityadindi.com/tryhackme/walkthroughs-easy/how-websites-work.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.