Sign up to save your podcasts
Or
Share Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.
Follow us on twitter at: @ctbbpodcast
Send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
SpaceRaccoon's Universal Code Execution Extensions
Escalating Client Side Path Traversal
Full-time Bug Bounty Blueprint
Sequential Import Chaining
CSS Exfiltation
Link that Justin was talking about
Font Ligatures
Lava Dome bypass
Stealing Data in Great Style
Steal Script Contents
Masato Kinugawa's tweet
Attacking with Just CSS
CSS Injection Primitives
Timestamps:
(00:00:00) Introduction
(00:02:32) Universal Code Execution
(00:11:32) Escalating Client Side Path Traversal
(00:16:56) Justin's Defcon talk & Bug Bounty Blueprint
(00:23:32) CSS Injection
(00:39:23) Font Ligatures
(00:54:30) Descent Override and display:block
View all episodes
By Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
5
5151 ratings
Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.
Follow us on twitter at: @ctbbpodcast
Send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
SpaceRaccoon's Universal Code Execution Extensions
Escalating Client Side Path Traversal
Full-time Bug Bounty Blueprint
Sequential Import Chaining
CSS Exfiltation
Link that Justin was talking about
Font Ligatures
Lava Dome bypass
Stealing Data in Great Style
Steal Script Contents
Masato Kinugawa's tweet
Attacking with Just CSS
CSS Injection Primitives
Timestamps:
(00:00:00) Introduction
(00:02:32) Universal Code Execution
(00:11:32) Escalating Client Side Path Traversal
(00:16:56) Justin's Defcon talk & Bug Bounty Blueprint
(00:23:32) CSS Injection
(00:39:23) Font Ligatures
(00:54:30) Descent Override and display:block
More shows like Critical Thinking - Bug Bounty Podcast
View all
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
627 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
367 Listeners
Hacked
180 Listeners
CyberWire Daily
1,006 Listeners
Smashing Security
310 Listeners
Click Here
405 Listeners
Malicious Life
928 Listeners
Darknet Diaries
7,864 Listeners
Cybersecurity Today
168 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
127 Listeners
Bug Bounty Reports Discussed
4 Listeners
Hacker And The Fed
158 Listeners