CSS Injection through Header Injection – A Writeup of TSG CTF 20

TSG CTF 2021 was held from October 3rd – October 4th, and my challenge (“udon”) was on the contest. To speak frankly, the challenge was: “Can you steal another user’s secrets using a vulnerability that allows you to inject just a single HTTP response header?”

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

GitHub – Ignitetechnologies/Credential-Dumping: This cheatsheet