Iniciativa IMDEA

Inicio > Eventos > Software Seminar Series (S3)

Software Seminar Series (S3)

Pepe Vila

Tuesday, January 29, 2019

10:45am Lecture hall 1, level B

Pepe Vila, PhD Student, Instituto IMDEA Software

CSS Injection Attacks: or how to leak content with <style>


In this talk we'll discuss the impact of CSS (or stylesheet) injection attacks on web security. For that, we'll first present some historical notes about CSS injections and related research. Then we'll show and explain two working demos that leak HTML attributes and text nodes using only CSS (no JavaScript) from a vulnerable web page. Finally, we'll show a recursion trick that allows these attacks to work w/o need of iframes or redirections, enabling them in isolated environments like Electron apps.

Time and place:
10:45am Lecture hall 1, level B
IMDEA Software Institute, Campus de Montegancedo
28223-Pozuelo de Alarcón, Madrid, Spain

Software Seminar Series (S3) - Otoño 2018