GNU social JP
GNU social JP is a GNU social server in Japan.
Soren Stoutner (privacybrowser@fosstodon.org)'s status on Thursday, 17-Nov-2022 14:50:31 JST

    Stealing passwords from infosec Mastodon - without bypassing CSP | PortSwigger Research – https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp

    “My next test was with Chrome autofill - would the password get filled in automatically by Chrome? Of course it would, and without any user interaction!”

    This is one of the reasons why your password manager should never be integrated with your browser.


    Attachment

    1. Stealing passwords from infosec Mastodon - without bypassing CSP
       The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose
    • 寮 likes this.

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.