Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Stealing Froxlor login credentials using dangling markup

Valerio Brussani - Detectify Labs. Posted 5 years ago.
  • After finding a way to inject JavaScript or HTML, most people stop there. But what if you can only inject HTML and no JavaScript because of a strict CSP? Can anything still be done?
  • The example of this is a parameter being reflected onto a login form. The site is Froxlor.
  • Using ONLY HTML content, we can still leak some data; this technique is called dangling markup. In this case the base element is used, because base changes the default URL that relative requests (such as the login form's action) are sent to.
  • When the user logs in after clicking a link carrying the dangling markup, the login request is sent to the attacker-controlled domain, so the attacker now has the user's credentials.
  • The base tag is one example of how this can be exploited; there are likely other ways HTML alone could be used to perform actions, phish, or leak data.