E-Ink News Daily

Back to list

Bench Press: Leaking Text Nodes with CSS

The author demonstrates a novel CSS-based side-channel attack capable of exfiltrating text node contents by exploiting unique letter heights and animation timelines. This technique was developed for the Hack.lu CTF 2024 'Bench Press' challenge, allowing attackers to leak authentication tokens via CSS injection when JavaScript execution is restricted.

Background

CSS injection vulnerabilities occur when user-controlled input is embedded into stylesheets, potentially allowing attackers to manipulate page rendering. This specific technique leverages subtle rendering differences in modern browsers to extract data without direct DOM access.

Source
Lobsters
Published
Jul 6, 2026 at 02:40 AM
Score
7.0 / 10