Steal input DATA’s with CSS File injection (Bugbounty)

4 years ago 181

BOOK THIS SPACE FOR AD

ARTICLE AD

Image for post

What is css injection ?

CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to cross-site scripting (XSS) vulnerabilities but often trickier to exploit.

Testing

Image for post

XSS : Not worked :(.

Test CSS File: Good CSS File injected :).

Image for post

Other vulnerability CLICKJACKING to help us complete the CSS injection

Our attack method will allow the victim to enter an address and pull data from that page with css injection.

We need it for this

fakeurl (I used ngrok )PHP scriptSending the address to the victim

Image for post

Step #1

Create index.php

Image for post

The index file will establish the link between the victim and the site.

Create a.php

Image for post

In this file we will call the target site in iframe.

Create css.php

Image for post

css.php file is one of our most important files.Here, css codes to be injected into the page are produced.The generated codes are reproduced per character.

Req 1: abcdef123456789 -> founded aReq 2 : a(abcdef123456789) -> founded 9Req 3 : a9(abcdef123456789)

In this way, the cycle continues until we get full data.

As in the scripting languages, CSS has REGEX.

For example : input[name^=email_protected_]

Since the e-mail address is protected here, the input name changes constantly, and we will ask that it complete the rest based on the remaining part.

Create opt.php

Image for post