CSS Injection

Severity: Medium
Test name: CSS Injection
Test ID: css_injection
Summary

CSS injection is a severe security flaw in which an attacker inserts malicious Cascading Style Sheets (CSS) code into a web application. It exposes the application to several hazards, including visual disruption, cross-site scripting (XSS) attacks, and site defacement. By exploiting CSS injection, attackers can modify how a website looks and behaves, jeopardizing user data and facilitating unauthorized activities. Countermeasures include stringent coding standards, meticulous input validation, and robust output encoding. These precautions are needed to preserve the web application's integrity and security.

Impact
  • Website Defacement: Through CSS injection, attackers can alter a website's content or aesthetic to serve their own purposes, whether for disseminating specific messages, causing disruption, or spreading disinformation.
  • Extraction of Sensitive Data: Attackers can use CSS injection to gain unauthorized access to critical information from the web application or its users. By modifying the website's functionality, they can deceive users into disclosing private information or take advantage of flaws in the site's structure.
  • Service Disruption: CSS injections may also render a web page non-functional or distort its layout, effectively blocking access for legitimate users and resulting in a denial of service.
Location

The issue can be found in the UI.

Remedy suggestions
  • Input Validation and Cleansing: It's critical to validate and cleanse all user inputs, ranging from data entered in input fields to submissions via forms. Employ rigorous input validation methods to ensure that only anticipated and secure data is processed.
  • Content Encoding: Encode and cleanse user-generated or dynamically created content before rendering it on web pages. This blocks the execution of malicious CSS by treating such content as mere text, not executable code.
  • Content Security Policy Implementation: Adopt a Content Security Policy (CSP) that delineates acceptable content sources for your web pages, so that unauthorized content, including injected CSS, is not loaded or executed.
  • Adherence to Secure Coding Protocols: Embrace secure coding standards, utilizing techniques like parameterized queries and prepared statements to avert injection threats. Continuously update and fortify your application’s components, including software frameworks and libraries, against known security flaws.
  • Web Application Firewall Deployment: Deploying a Web Application Firewall (WAF) can be instrumental in scrutinizing and filtering inbound traffic to your web application. A WAF defends against various cyber threats, including CSS injection attempts, by identifying and neutralizing malicious requests.
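
The input-validation remedy above, shown as an added example that is not part of the original page: a user-supplied value is concatenated into a stylesheet (vulnerable form) next to an allow-list check that only lets known colour shapes through. The accent-colour feature, the `.banner` selector, the fallback colour and all function names are hypothetical.

```javascript
// Added example. Scenario (assumed): the application lets a user pick an
// accent colour that is then written into a generated <style> block.

const HEX_COLOR = /^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/;
const NAMED_COLORS = new Set(["black", "white", "red", "green", "blue", "gray"]);
const FALLBACK_COLOR = "#336699"; // hypothetical default theme colour

// Vulnerable form: the raw value lands inside the declaration, so a ';',
// '}' or '{' in it closes the rule and starts rules the user controls.
function buildThemeCssUnsafe(accent) {
  return `.banner { color: ${accent}; }`;
}

// Allow-list validation: accept only a 3/6-digit hex colour or one of the
// named colours; anything else is replaced by the fallback, never "cleaned".
function validateAccent(input) {
  if (typeof input !== "string") return FALLBACK_COLOR;
  const value = input.trim().toLowerCase();
  if (HEX_COLOR.test(value) || NAMED_COLORS.has(value)) return value;
  return FALLBACK_COLOR;
}

// Hardened form: only a validated value is ever interpolated.
function buildThemeCssSafe(accent) {
  return `.banner { color: ${validateAccent(accent)}; }`;
}

// Counts rule blocks in the generated CSS. The template contains exactly
// one, so a higher count means the input escaped its declaration.
function countRules(css) {
  return (css.match(/\{/g) || []).length;
}

// Constructed sample inputs: two valid colours, one value that breaks out
// of the declaration, one malformed hex colour.
const samples = ["#FF8800", "Blue", "red; } body { display: none", "#12345"];
for (const sample of samples) {
  console.log(JSON.stringify(sample), "->",
    "unsafe rules:", countRules(buildThemeCssUnsafe(sample)),
    "| safe rules:", countRules(buildThemeCssSafe(sample)),
    "| stored as:", validateAccent(sample));
}
```

Rejecting to a fixed fallback, rather than stripping characters from the input, keeps the check independent of how any particular CSS parser recovers from malformed values.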
Classifications
  • CWE-79
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
References