The State of CSS Injection - Leaking Text Nodes & HTML Attributes (Ep. 79)
HTML-код
- Опубликовано: 5 авг 2024
- Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.
Follow us on twitter at: / ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to / realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
/ 0xteknogeek
/ rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
SpaceRaccoon's Universal Code Execution Extensions
spaceraccoon.dev/universal-co...
Escalating Client Side Path Traversal
x.com/isira_adithya/status/18...
Full-time Bug Bounty Blueprint:
www.criticalthinkingpodcast.i...
Sequential Import Chaining
/ better-exfiltration-vi...
CSS Exfiltation
github.com/PortSwigger/css-ex...
Link that Justin was talking about
github.com/PortSwigger/css-ex...
Font Ligatures
x.com/kinugawamasato/status/1...
Lava Dome bypass
github.com/LavaMoat/LavaDome/...
Stealing Data in Great style
research.securitum.com/steali...
Steal Script Contents
github.com/PortSwigger/css-ex...
Masato Kinugawa’s Tweet
x.com/kinugawamasato/status/1...
CSS Injection: Attacking with Just CSS
aszx87410.github.io/beyond-xs...
CSS Injection Primitives
x-c3ll.github.io/posts/CSS-In...
Timestamps:
(00:00:00) Introduction
(00:02:32) Universal Code Execution
(00:11:32) Escalating Client Side Path Traversal
(00:16:56) Justin's Defcon talk & Bug Bounty Blueprint
(00:23:32) CSS Injection
(00:39:23) Font Ligatures
(00:54:30) Descent Override and display:block
(01:02:10) Some Final Research 
Наука
Love the Enthusiasm from you guys