Stealing passwords from infosec Mastodon - without bypassing CSP

portswigger.net

Stealing passwords from infosec Mastodon - without bypassing CSP

portswigger.net

@c0mmandoMA to

Netsec • 8 months ago

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose

cross-posted from: https://community.hackliberty.org/post/9544

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP.

You must log in or register to comment.

HotTopNewOld

Chat