Cascading Style Sheet (CSS) Injection

 


Overview

Cascading style injection may occcur when user or attacker controlled input is later incorporated without being encoded into the web server response with a style attribute. In other words, the attacker can send input which later is incorporated into the web page the user receives.

Discovery Methodology

Inject all available parameters of the web page with a searchable string such as the word "CANARY" along with characters generally useful in writing HTML, JavaScript or other code. Search the response carefully noting any location where the test string appears unencoded in a style attribute. These locations may allow Cascading style injection.

Hint: An example injection might be <CANARY={}""()'';#$--/>1. Adding a sequencial integer to the test input can help determine which of the inputs parameters resulted in the response string found.

Exploitation

Determine the prefix and suffix needed to make the injected code "fit" syntatically then add a payload between. Inject the exploit.

Example

Example Target:<body style="color:#{dynamic input}">
lets first look of our target web page




Possible Solution:style="<body color:#""><H1>HELLO WORLD</H1>< anything="">

After putting it we get


You can see the result.
If you have ay question then you can comment.

Comments

Popular posts from this blog

JavaScript Object Notation (JSON) Injection

Hack Android with Infect Virus Installation and Usees