I used Google Drawings and there’s no shame in that

Better Exfiltration via HTML Injection

A Curious Case of HTML Injection

A Primer on CSS Injection

A typical CSS injection token exfil payload
A typical CSS injection token exfil payload given the first char of the csrf token is ‘c’

Prerequisites

@import to the Rescue

@import url(http://laggysite.com/base.css);* { color: red; }
A method to chain @import for attribute exfiltration

A Rediscovery

Potential Applications

Thanks

Security Engineer, developer, and part-time bug hunter

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store