all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Stealing passwords from infosec Mastodon - without bypassing CSP

Add to bookmarks
Nov. 15, 2022, 2 p.m. |

PortSwigger Research portswigger.net

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose

bypassing csp infosec mastodon passwords stealing

Visit resource

More from portswigger.net / PortSwigger Research

Refining your HTTP perspective, with bambdas 3 days, 21 hours ago | portswigger.net
clue cors headers http +9
Introducing SignSaboteur: forge signed web tokens with ease 1 week, 3 days ago | portswigger.net
authentication authorization beyond depth +9
Making Desync attacks easy with TRACE 2 months, 1 week ago | portswigger.net
attacks can constraints easy +8
Using form hijacking to bypass CSP 2 months, 3 weeks ago | portswigger.net
bypass can configuration csp +6
Top 10 web hacking techniques of 2023 3 months, 1 week ago | portswigger.net
community hacking identify research +7
Hiding payloads in Java source code strings 4 months, 1 week ago | portswigger.net
abuse can code conceal +5
Top 10 web hacking techniques of 2023 - nominations open 4 months, 3 weeks ago | portswigger.net
blog blog posts community hacking +8
Finding that one weird endpoint, with Bambdas 5 months, 2 weeks ago | portswigger.net
act balancing act concepts endpoint +6
Blind CSS Exfiltration: exfiltrate unknown web pages 5 months, 3 weeks ago | portswigger.net
css discover exfiltration gif +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com