Skip to content

research.securitum.com

securitum.com vulnerabilities researches and cyber security education publications

  • Penetration Testing
  • Research blog
  • About us
  • Contact us

Tag: CSS

CSS data exfiltration in Firefox via a single injection point

Michał Bentkowski | February 12, 2020February 12, 2020 | Research

A few months ago I identified a security issue in Firefox known as CVE-2019-17016. During analysis of the issue, I’ve come up with a new technique of CSS data exfiltration in Firefox via a single injection point which I’m going to share in this blog post.

Read more

Stealing Data in Great style – How to Use CSS to Attack Web Application.

Michał Bentkowski | September 25, 2017September 30, 2019 | Research

This article will show you an example of how you can use the ability to inject your own CSS rules into a web application to exfiltrate data. This attack can be particularly practical for stealing tokens that protect against CSRF attacks. In this text we will see that CSS injections can be used to steal …

Read more

Find us on Linkedin!

Research updates?

We keep your data private and use it only for research updates newsletter. We also hate spam! Read our Privacy Policy.

Check your inbox or spam folder to confirm your subscription.

Categories

  • Education 44
  • Research 35
  • Uncategorized 1

Tags

Active Directory · Analysis · Apache · Browser security · Bug Bounty · Bypass · CA · Camera · CCTV · Cryptography · CSS · Desktop · dompurify · Google · Hack · hacking · HTTP · HTTP/2 · IoT · javascript · js · json web token · jwt · kibana · Linux · Malware · Mozilla Firefox · mxss · NMAP · OSINT · pebble · prototype pollution · RCE · Reconnaissance · SSL · ssti · Takeover · template injection · Upload · Vulnerability · Web Hacking · WiFi · windows · Wordpress · XSS

Archives

  • 2023 2
  • 2022 9
  • 2021 3
  • 2020 10
  • 2019 8
  • 2018 10
  • 2017 18
  • 2016 8
  • 2015 5

Follow us on:

  • LinkedIn
  • Facebook
  • Twitter
  • GitHub

Pages

  • Research Home Page
  • Penetration Testing
  • Privacy Policy
  • About us
  • Contact us

Recent Posts

  • XSS in WordPress via open embed auto discovery May 29, 2023
  • How to access data secured with BitLocker? Do a system update January 12, 2023
  • Amazon once again lost control (for 3 hours) over the IP pool in a BGP Hijacking attack October 28, 2022
  • SOCMINT – or rather OSINT of social media October 15, 2022
  • PyScript – or rather Python in your browser + what can be done with it? September 10, 2022
©2023 research.securitum.com