Stealing passwords from infosec Mastodon - without bypassing CSP
Stealing passwords from infosec Mastodon - without bypassing CSP
portswigger.net Stealing passwords from infosec Mastodon - without bypassing CSP
The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose
Write-up from Nov. 2022, but I figured this would be interesting to people on the fediverse
0
comments