Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration. Follow us on twitter at: @ctbbpodcast Send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Resources: SpaceRaccoon's Universal Code Execution Extensions Escalating Client Side Path Traversal Full-time Bug Bounty Blueprint Sequential Import Chaining CSS Exfiltation Link that Justin was talking about Font Ligatures Lava Dome bypass Stealing Data in Great Style Steal Script Contents Masato Kinugawa's tweet Attacking with Just CSS CSS Injection Primitives Timestamps: (00:00:00) Introduction (00:02:32) Universal Code Execution (00:11:32) Escalating Client Side Path Traversal (00:16:56) Justin's Defcon talk & Bug Bounty Blueprint (00:23:32) CSS Injection (00:39:23) Font Ligatures (00:54:30) Descent Override and display:block