admin/PayloadsAllTHINGS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Archive external reference links via Wayback Machine

Browse Source 
Replace direct URLs in Markdown references with their
web.archive.org equivalents to prevent link rot.
This commit is contained in:
Swissky
2026-03-09 13:02:28 +01:00
parent 769b300f4f
commit 497fbe925b
118 changed files with 1661 additions and 4600 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
CSS Injection/README.md
View File

@@ -185,15 +185,15 @@ Payload example using `fontleak` with a custom selector, parent element, and alp
## References
* [0CTF 2023 Writeups - Web - newdiary - aszx87410 - December 11, 2023](https://blog.huli.tw/2023/12/11/en/0ctf-2023-writeup/)
* [Bench Press: Leaking Text Nodes with CSS - pspaul - October 20, 2024](https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/)
* [Better Exfiltration via HTML Injection - d0nut - April 11, 2019](https://d0nut.medium.com/better-exfiltration-via-html-injection-31c72a2dae8b)
* [Blind CSS Exfiltration: exfiltrate unknown web pages - Gareth Heyes - December 5, 2023](https://portswigger.net/research/blind-css-exfiltration)
* [CSS based Attack: Abusing unicode-range of @font-face - Masato Kinugawa - October 23, 2015](https://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html)
* [CSS Data Exfiltration to Steal OAuth Token - - September 13, 2025](https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token)
* [CSS Injection - xsleaks.dev - May 9, 2025](https://xsleaks.dev/docs/attacks/css-injection/)
* [CSS Injection Attacks or how to leak content with <style> - Pepe Vila - 2019](https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf)
* [CSS Injection: Attacking with Just CSS (Part 2) - aszx87410 - September 24, 2023](https://aszx87410.github.io/beyond-xss/en/ch3/css-injection-2/)
* [Fontleak: exfiltrating text using CSS and Ligatures - Dragos Albastroiu - April 16, 2025](https://adragos.ro/fontleak/)
* [How you can steal private data through CSS injection - invicti - April 23, 2018](https://www.invicti.com/blog/web-security/private-data-stolen-exploiting-css-injection)
* [Inline Style Exfiltration: leaking data with chained CSS conditionals - Gareth Heyes - August 26, 2025](https://portswigger.net/research/inline-style-exfiltration)
* [0CTF 2023 Writeups - Web - newdiary - aszx87410 - December 11, 2023](https://web.archive.org/web/20260208112931/https://blog.huli.tw/2023/12/11/en/0ctf-2023-writeup/)
* [Bench Press: Leaking Text Nodes with CSS - pspaul - October 20, 2024](https://web.archive.org/web/20250809122224/https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/)
* [Better Exfiltration via HTML Injection - d0nut - April 11, 2019](https://web.archive.org/web/20260206153955/https://d0nut.medium.com/better-exfiltration-via-html-injection-31c72a2dae8b)
* [Blind CSS Exfiltration: exfiltrate unknown web pages - Gareth Heyes - December 5, 2023](https://web.archive.org/web/20231205201432/https://portswigger.net/research/blind-css-exfiltration)
* [CSS based Attack: Abusing unicode-range of @font-face - Masato Kinugawa - October 23, 2015](https://web.archive.org/web/20260212042745/https://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html)
* [CSS Data Exfiltration to Steal OAuth Token - - September 13, 2025](https://web.archive.org/web/20250601232405/https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token)
* [CSS Injection - xsleaks.dev - May 9, 2025](https://web.archive.org/web/20260114161847/https://xsleaks.dev/docs/attacks/css-injection/)
* [CSS Injection Attacks or how to leak content with <style> - Pepe Vila - 2019](https://web.archive.org/web/20250928084357/https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf)
* [CSS Injection: Attacking with Just CSS (Part 2) - aszx87410 - September 24, 2023](https://web.archive.org/web/20231223213409/https://aszx87410.github.io/beyond-xss/en/ch3/css-injection-2/)
* [Fontleak: exfiltrating text using CSS and Ligatures - Dragos Albastroiu - April 16, 2025](https://web.archive.org/web/20251130021102/https://adragos.ro/fontleak/)
* [How you can steal private data through CSS injection - invicti - April 23, 2018](https://web.archive.org/web/20251107094938/https://www.invicti.com/blog/web-security/private-data-stolen-exploiting-css-injection)
* [Inline Style Exfiltration: leaking data with chained CSS conditionals - Gareth Heyes - August 26, 2025](https://web.archive.org/web/20260226022330/https://portswigger.net/research/inline-style-exfiltration)