Collaborate Disseminate
Is it possible to extract CSRF-token by using inline-CSS injection (inside style attribute)? (It seems to be impossible, because it is not possible to define CSS classes inside attributes.)
<p style=<?php echo htmlsp… Continue reading CSS injection: Extract CSRF-token by using inline-css injection
In its default settings, uMatrix content blocker allows CSS and images (JPG, PNG, etc) from all sources, unless denied by a site-specific block list. It also allows 1st party cookies, scripts, and multimedia.
How much can a … Continue reading What can a 3rd party learn about a user through only CSS and images?
I am working on a webpage which I embedded an external form page into with Iframe. I detected the external form page is configured to redirected to leave a than you message within the iframed external form page but I the func… Continue reading How to make Iframe From Redirect the Parent or Whole Web Page?
A security researcher has demonstrated a new way to track mouse movements even if users block JavaScript. Continue reading CSS tracking trick can monitor your mouse without JavaScript
When is an address bar not an address bar? When it’s a fake. Continue reading Android users: watch out for this fake address bar trick
I am crossing an analysis on a website and while fuzzing and testing I came across the below URL:
https//www.****.**.*/content/css/app.css
Which generated the below output:
/* Minification failed. Returning unminified contents.
(856,10… Continue reading Published URL File APP.CSS
I am learning Javascript. Also researching web based vulnerabilitys to learn. I just wondering how Javascript can be used to steal view page source or any text or any tokens leaking on the page via Clickjacking. I need a demo… Continue reading Stealing page source via Clickjacking
I’m looking for a way to create a CSS injection proof-of-concept. I can insert the following and it gets reflected in the browser:
<style>body{background-color:red}</style>
The only issue is that the colon gets… Continue reading CSS Injection without colon
As part of our class project, we are studying the attacks that could be done using CSS Injection. In our threat model, attacker can manipulate any CSS file on the server. If attacker replaces original CSS file with a maliciou… Continue reading Can Arbitrary Code Execution be done using CSS Injection?
As part of our class project, we are studying the attacks that could be done using CSS Injection. In our threat model, attacker can manipulate any CSS file on the server. If attacker replaces original CSS file with a maliciou… Continue reading Can Arbitrary Code Execution be done using CSS Injection?