Skip to content

EthanThatOneKid/css-injection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.vscode
.vscode
 
 
assets
assets
 
 
README.md
README.md
 
 
diamondburned.png
diamondburned.png
 
 
ethanthatonekid.png
ethanthatonekid.png
 
 
index.html
index.html
 
 

Repository files navigation

CSS Injection

Archive

Archived CSS injection vulnerability: https://ethanthatonekid.github.io/css-injection

This repository contains an archived version of my profile page with the CSS injection vulnerability. The vulnerability was fixed by GitHub on 2024-06-08.

Vulnerability

An attacker could have exploited a weakness in GitHub profiles to inject malicious code. This vulnerability existed in the math tags (```math) within a user's README file. By injecting CSS code, an attacker could have potentially created phishing attacks or displayed other harmful content on the profile page. Fortunately, GitHub addressed this issue swiftly before it could be widely misused.

Showcase

For a brief period, this vulnerability sparked a wave of creativity among some users. By responsibly exploiting the math tags, they were able to design unique and eye-catching customizations for their profiles. This brought back a sense of nostalgia for the bygone era of extensive customization options, reminiscent of Myspace profiles. While these modifications were impressive and demonstrated the vulnerability's potential, it's important to remember the risks associated with such exploits. Thankfully, GitHub patched the issue before it could be used maliciously.

EthanThatOneKid

Ethan's CSS injection

diamondburned

Diamond's CSS injection

References

Curated with 💖 by @EthanThatOneKid

About

ethanthatonekid.github.io/css-injection

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages