How Private Data Can Be Stolen with a CSS Injection

Category: Web Security Readings - Last Updated: Fri, 09 Aug 2019 - by Netsparker Security Team
How Private Data Can Be Stolen with a CSS Injection

Can private data be stolen by employing a CSS Injection? Why are hackers so determined? This article explores Cyber and Information Security expert Mike Gualtieri's experiments with CSS Exfil and the use of CSS Attribute Selectors. It concludes with a few pointers on how to avoid this type of attack and the need for a Content Security Policy. Read More