Stealing passwords from infosec Mastodon - without bypassing CSP

portswigger.net

Stealing passwords from infosec Mastodon - without bypassing CSP

portswigger.net

c0mmandoMA to

Netsec · 2 years ago

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose

cross-posted from: https://community.hackliberty.org/post/9544

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP.

You must log in or register to comment.

Chat

Netsec

netsec

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !netsec@links.hackliberty.org

netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere. ‎

Rules

Don’t do unto others what you don’t want done unto you.
No Porn, Gore, or NSFW content. Instant Ban.
No Spamming, Trolling or Unsolicited Ads. Instant Ban.
Stay on topic in a community. Please reach out to an admin to create a new community.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
1 user / week
2 users / month
480 users / 6 months
48 local subscribers
704 subscribers
286 Posts
164 Comments
Modlog

mods:
c0mmando