PoC: Leak text nodes via CSS injection

Disclaimer: this is just a poc, code is super bad, don't install it on a plane! (or do it under your own risk)

How it works

(... at some point I might write something, for now look at the source)

For reading attributes see: https://gist.github.com/cgvwzq/6260f0f0a47c009c87b4d46ce3808231

Video

https://www.youtube.com/watch?v=aQ6V2pdfgmg

References

• http://p42.us/css/
• https://www.slideshare.net/x00mario/stealing-the-pie
• http://sirdarckcat.blogspot.com/2013/09/matryoshka-wrapping-overflow-leak-on.html
• https://sekurak.pl/wykradanie-danych-w-swietnym-stylu-czyli-jak-wykorzystac-css-y-do-atakow-na-webaplikacje/