Skip to content

research.securitum.com

securitum.com vulnerabilities researches and cyber security education publications

  • Research blog
  • Penetration Testing
  • Contact us
  • About us

Tag: CSS

CSS data exfiltration in Firefox via a single injection point

Michał Bentkowski | February 12, 2020February 12, 2020 | Research

A few months ago I identified a security issue in Firefox known as CVE-2019-17016. During analysis of the issue, I’ve come up with a new technique of CSS data exfiltration in Firefox via a single injection point which I’m going to share in this blog post.

Read more

Stealing Data in Great style – How to Use CSS to Attack Web Application.

Michał Bentkowski | September 25, 2017September 30, 2019 | Research

This article will show you an example of how you can use the ability to inject your own CSS rules into a web application to exfiltrate data. This attack can be particularly practical for stealing tokens that protect against CSRF attacks. In this text we will see that CSS injections can be used to steal …

Read more

Find us on Linkedin!

Research updates?

We keep your data private and use it only for research updates newsletter. We also hate spam! Read our Privacy Policy.

Check your inbox or spam folder to confirm your subscription.

Categories

  • Education 44
  • Research 35
  • Uncategorized 1

Tags

Active Directory · Analysis · Apache · Browser security · Bug Bounty · Bypass · CA · Camera · CCTV · Cryptography · CSS · Desktop · dompurify · FDE · Google · Hack · hacking · HTTP · HTTP/2 · IDS · IoT · javascript · json web token · jwt · kibana · Linux · lsass · Malware · Mozilla Firefox · mxss · NMAP · OSINT · pebble · RCE · Reconnaissance · SSL · ssti · Takeover · Upload · Vulnerability · Web Hacking · WiFi · windows · Wordpress · XSS

Archives

  • 2023 3
  • 2022 8
  • 2021 3
  • 2020 10
  • 2019 8
  • 2018 10
  • 2017 18
  • 2016 8
  • 2015 5

Follow us on:

  • LinkedIn
  • Facebook
  • Twitter
  • GitHub

Pages

  • Research Home Page
  • Penetration testing
  • Privacy Policy
  • About us
  • Contact us

Recent Posts

  • How Private Cache Can Lead to Mass Account Takeover – pentest case July 12, 2023
  • XSS in WordPress via open embed auto discovery May 29, 2023
  • How to access data secured with BitLocker? Do a system update January 12, 2023
  • Amazon once again lost control (for 3 hours) over the IP pool in a BGP Hijacking attack October 28, 2022
  • SOCMINT – or rather OSINT of social media October 15, 2022
©2025 research.securitum.com
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. You can read more at our Privacy Policy (link below).Ok