Python - CSS Injection (CSSI)
Now that the app is running, let's go hacking!
When we start the application, we can see that there is a text box that allows you to write a color name.
We can write a color like:
Depending on the color that we choose, the text below is shown in that color:
If we check how the text that we wrote in the text box is later placed into the source code, we can see:
Since we know that our input will be inserted into the source code, we can try inserting malicious code, something like this:
This code should show an alert box (pop-up) with the text "CSSI - XSS". If we check the website after sending the malicious request:
And goal achieved!
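The fix for this class of bug, as an added example that is not the lab's own code: the color value is rendered three ways (unchanged, HTML-escaped only, and checked against an allowlist) to show why escaping alone does not make a style context safe. The template, the function names and the sample inputs are constructed for illustration and assume the value lands inside a `<style>` block.

```python
import re
from html import escape

# Constructed stand-in for a template that places the submitted value
# inside a <style> block; this is an assumption, not the lab's source.
TEMPLATE = "<style>p.colorful {{ color: {color}; }}</style>"

# Allowlist: a handful of named colors plus #rgb / #rrggbb hex values.
NAMED_COLORS = frozenset({
    "black", "white", "red", "green", "blue",
    "yellow", "orange", "purple", "gray", "pink",
})
HEX_COLOR = re.compile(r"#(?:[0-9a-f]{3}|[0-9a-f]{6})")


def render_vulnerable(color: str) -> str:
    """Input goes into the stylesheet unchanged."""
    return TEMPLATE.format(color=color)


def render_escaped(color: str) -> str:
    """HTML-escaping only: stops tag breakout, not CSS syntax."""
    return TEMPLATE.format(color=escape(color))


def safe_color(value: str, default: str = "black") -> str:
    """Return the value only if it is an allowlisted color, else the default."""
    candidate = value.strip().lower()
    if candidate in NAMED_COLORS or HEX_COLOR.fullmatch(candidate):
        return candidate
    return default


def render_hardened(color: str) -> str:
    """Only allowlisted values ever reach the stylesheet."""
    return TEMPLATE.format(color=safe_color(color))


# Constructed inputs: one closes the <style> element, one stays inside CSS.
TAG_BREAKOUT = 'red; }</style><script>alert("CSSI - XSS")</script>'
CSS_ONLY = "red; } body { display: none"

if __name__ == "__main__":
    for label, value in (("benign", "Red"), ("tag", TAG_BREAKOUT), ("css", CSS_ONLY)):
        print(label)
        for fn in (render_vulnerable, render_escaped, render_hardened):
            print(f"  {fn.__name__:18} {fn(value)}")
```

The escaped variant keeps the script tag out of the page but still lets the second input add its own CSS rule, which is why the hardened variant validates the value instead of encoding it.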
https://www.owasp.org/index.php/Testing_for_CSS_Injection_(OTG-CLIENT-005)