Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CSS injection: what's the worst that can happen?

We are doing a security evaluation.

There is a chance that a malicious user can inject arbitrary CSS into another user's web pages, although we are not sure it can actually be exploited.

I understand he could totally change the page look, even causing nothing to be displayed at all. Is that all? What is the worst that could happen? Can JavaScript be embedded in CSS? Can he "steal" the other user's cookies? And initiate another session?

like image 649
flybywire Avatar asked Apr 05 '09 09:04

flybywire


People also ask

What are the types of injection attacks?

Some of the most common types of injection attacks are SQL injections, cross-site scripting (XSS), code injection, OS command injection, host header injection, and more. A large part of vulnerabilities that exist in web applications can be classified as injection vulnerabilities.

What is the result of have injection flaws?

The effects of these attacks include: Allowing an attacker to execute operating system calls on a target machine. Allowing an attacker to compromise backend data stores. Allowing an attacker to compromise or hijack sessions of other users.

What are the injection issues?

Description. Injection problems span a wide range of instantiations. The basic form of this flaw involves the injection of control-plane data into the data-plane in order to alter the control flow of the process.

What can you do with CSS injection?

Description: CSS injection (reflected) Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including: Executing arbitrary JavaScript using IE's expression() function. Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.


1 Answers

Yes to all of the above. Injection of arbitrary CSS can lead to javascript execution. Look at:

  • XSS Cheat Sheet

The worst thing that could happen is dependent on the environment. In some cases stealing a session cookie and accessing the users session maybe the worst thing to happen (e.g., banks, online stock trading) this may not be the case for your situation. Other examples of attacks would be gaining control of the browser, gaining access to the client's machine, etc.

like image 81
Gerry Avatar answered Sep 20 '22 13:09

Gerry