DiscoverCritical Thinking - Bug Bounty PodcastEpisode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Update: 2024-07-11
Share

Description

Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.

Follow us on twitter at: @ctbbpodcast

Send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:

SpaceRaccoon's Universal Code Execution Extensions

Escalating Client Side Path Traversal

Full-time Bug Bounty Blueprint

Sequential Import Chaining

CSS Exfiltation

Link that Justin was talking about

Font Ligatures

Lava Dome bypass

Stealing Data in Great Style

Steal Script Contents

Masato Kinugawa's tweet

Attacking with Just CSS

CSS Injection Primitives

Timestamps:

(00:00:00 ) Introduction

(00:02:32 ) Universal Code Execution

(00:11:32 ) Escalating Client Side Path Traversal

(00:16:56 ) Justin's Defcon talk & Bug Bounty Blueprint

(00:23:32 ) CSS Injection

(00:39:23 ) Font Ligatures

(00:54:30 ) Descent Override and display:block

Comments 
loading
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel
Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

2024-11-2101:43:57

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

2024-11-1453:05

Episode 96: Cookies & Caching with MatanBer

Episode 96: Cookies & Caching with MatanBer

2024-11-0749:09

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

2024-10-3101:56:23

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Episode 94: Zendesk Fiasco & the CTBB Naughty List

2024-10-2449:29

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

2024-10-1701:41:29

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

2024-10-1047:38

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

2024-10-0301:22:50

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

2024-09-2651:42

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

2024-09-1901:58:03

Episode 88: News, Tools, and Writeups

Episode 88: News, Tools, and Writeups

2024-09-1201:06:08

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

2024-09-0501:26:41

Episode 86: The X-Correlation between Frans & RCE - Research Drop

Episode 86: The X-Correlation between Frans & RCE - Research Drop

2024-08-2942:09

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: Practical Applications of DEFCON 32 Web Research

2024-08-2201:30:30

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

2024-08-1527:15

Episode 83: Brainstorming Proxy Plugins

Episode 83: Brainstorming Proxy Plugins

2024-08-0854:50

Episode 82: Part-Time Bug Bounty

Episode 82: Part-Time Bug Bounty

2024-08-0136:32

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: Crushing Client-Side on Any Scope with MatanBer

2024-07-2502:04:48

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

2024-07-1802:49:26

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

2024-07-1101:10:25

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes