Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CSS injection: what's the worst that can happen?

Tags:

javascript

css

security

We are doing a security evaluation.

There is a chance that a malicious user can inject arbitrary CSS into another user's web pages, although we are not sure it can actually be exploited.

I understand he could totally change the page look, even causing nothing to be displayed at all. Is that all? What is the worst that could happen? Can JavaScript be embedded in CSS? Can he "steal" the other user's cookies? And initiate another session?

like image 649
flybywire Avatar asked Apr 05 '09 09:04

flybywire

People also ask

What are the types of injection attacks?

Some of the most common types of injection attacks are SQL injections, cross-site scripting (XSS), code injection, OS command injection, host header injection, and more. A large part of vulnerabilities that exist in web applications can be classified as injection vulnerabilities.

What is the result of have injection flaws?

The effects of these attacks include: Allowing an attacker to execute operating system calls on a target machine. Allowing an attacker to compromise backend data stores. Allowing an attacker to compromise or hijack sessions of other users.

What are the injection issues?

Description. Injection problems span a wide range of instantiations. The basic form of this flaw involves the injection of control-plane data into the data-plane in order to alter the control flow of the process.

What can you do with CSS injection?

Description: CSS injection (reflected) Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including: Executing arbitrary JavaScript using IE's expression() function. Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.

1 Answers

Yes to all of the above. Injection of arbitrary CSS can lead to javascript execution. Look at:

  • XSS Cheat Sheet

The worst thing that could happen is dependent on the environment. In some cases stealing a session cookie and accessing the users session maybe the worst thing to happen (e.g., banks, online stock trading) this may not be the case for your situation. Other examples of attacks would be gaining control of the browser, gaining access to the client's machine, etc.

like image 81
Gerry Avatar answered Sep 20 '22 13:09

Gerry
Sign in to Comment

Related questions

Can I update window.location.hash without having the web page scroll?
How can I replace Space with %20 in javascript? [duplicate]
How to output html through AngularJS template?
NodeJS find object in array by value of a key [duplicate]
trim() function doesn't work in IE8?
Converting Singleton JS objects to use ES6 classes
Unable to `submit()` an html form after intercepting the submit with javascript
How to get opposite boolean value of variable in Javascript
JavaScript/jQuery - How to check if a string contain specific words
customize highcharts tooltip to show datetime
javascript to find leap year
Product: Aptana Studio -- Error 4155. Failed to correctly acquire installer_nodejs_windows.msi
env-cmd error failed to locate ./.env file in gatsby?
Optimizing SVG markers in Google Maps
How to trigger keypress event in React.js
FabricJS prevent canvas.clipTo from clipping canvas.backgroundImage
jquery-steps missing CSS file
Hide child process console window
How does "Animated.createAnimatedComponent" work?
Jest messageParent can only be used inside a worker

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!