Collaborate Disseminate
I am working on a webpage which I embedded an external form page into with Iframe. I detected the external form page is configured to redirected to leave a than you message within the iframed external form page but I the func… Continue reading How to make Iframe From Redirect the Parent or Whole Web Page?
A security researcher has demonstrated a new way to track mouse movements even if users block JavaScript. Continue reading CSS tracking trick can monitor your mouse without JavaScript
When is an address bar not an address bar? When it’s a fake. Continue reading Android users: watch out for this fake address bar trick
I am crossing an analysis on a website and while fuzzing and testing I came across the below URL:
https//www.****.**.*/content/css/app.css
Which generated the below output:
/* Minification failed. Returning unminified contents.
(856,10… Continue reading Published URL File APP.CSS
I am learning Javascript. Also researching web based vulnerabilitys to learn. I just wondering how Javascript can be used to steal view page source or any text or any tokens leaking on the page via Clickjacking. I need a demo… Continue reading Stealing page source via Clickjacking
I’m looking for a way to create a CSS injection proof-of-concept. I can insert the following and it gets reflected in the browser:
<style>body{background-color:red}</style>
The only issue is that the colon gets… Continue reading CSS Injection without colon
As part of our class project, we are studying the attacks that could be done using CSS Injection. In our threat model, attacker can manipulate any CSS file on the server. If attacker replaces original CSS file with a maliciou… Continue reading Can Arbitrary Code Execution be done using CSS Injection?
As part of our class project, we are studying the attacks that could be done using CSS Injection. In our threat model, attacker can manipulate any CSS file on the server. If attacker replaces original CSS file with a maliciou… Continue reading Can Arbitrary Code Execution be done using CSS Injection?
Users of our web app would like to use custom CSS to customize parts of UI. I’ve came up with some kind of blacklist for CSS “bad words” and I’m curious whether it is sufficient or if I need to improve it.
Basically, if the C… Continue reading XSS in custom, user-supplied CSS
It’s about Content Scramble System (CSS). The key size is 240 but it is possible to break CSS at complexity of 216. So how does it work?
Continue reading How to break Content Scramble System at complexity of 2^16? [migrated]