Stealing passwords from infosec Mastodon - without bypassing CSP

portswigger.net

Stealing passwords from infosec Mastodon - without bypassing CSP

portswigger.net

c0mmando@community.hackliberty.orgM to

Netsec@community.hackliberty.org · 2 years ago

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP.

You must log in or # to comment.

Chat

Netsec@community.hackliberty.org

netsec@community.hackliberty.org

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !netsec@community.hackliberty.org

netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere. ‎

Rules

Follow the golden rule, do unto others as you would have done unto you
Smut, Porn, Gore etc. will result in Ban without warning
No Spamming, Trolling or Unsolicited Ads (There are marketplaces in matrix and telegram you can use)
Stay on topic in a community. If you would like a new community made, reach out to an admin and the creation of a net new community can be discussed.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

0 users / day
1 user / week
1 user / month
1 user / 6 months
4 local subscribers
4 subscribers
21 Posts
0 Comments
Modlog

mods:
c0mmando@community.hackliberty.org