Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Critical Thinking - Bug Bounty Podcast - A podcast by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Thursdays

Categories:

Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.Follow us on twitter at: @ctbbpodcastSend us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Resources:SpaceRaccoon's Universal Code Execution ExtensionsEscalating Client Side Path TraversalFull-time Bug Bounty BlueprintSequential Import ChainingCSS ExfiltationLink that Justin was talking aboutFont LigaturesLava Dome bypassStealing Data in Great StyleSteal Script ContentsMasato Kinugawa's tweetAttacking with Just CSSCSS Injection PrimitivesTimestamps:(00:00:00) Introduction(00:02:32) Universal Code Execution(00:11:32) Escalating Client Side Path Traversal(00:16:56) Justin's Defcon talk & Bug Bounty Blueprint(00:23:32) CSS Injection(00:39:23) Font Ligatures(00:54:30) Descent Override and display:block