56
kiki
7y

One of our teachers developed a website for our university about three years ago. That was something like assignments management system + social network + schedule, everything in the world as one website.

It seemed like he didn't put any code escaping at all. Injected a block of CSS that made the entire page slowly fade away when some user tried to look at my page. Other teachers stared at it as if it was pure magic, doubting their sanity.

Still isn't fixed btw :)

Comments
  • 8
    "doubting their sanity" has me cracking up hahahhaha. Thanks dude. CSS animations can be fun
  • 4
    My school also does something similar where they just allow you to put pure html into your profile. I let the <script> tags run wild!
  • 1
    Mine cryptos!!
  • 1
    @aritzh there's already a css keylogger, let there be a css cryptocurrency miner :)
  • 1
    @uyouthe can you not inject JS if you injected CSS?
  • 1
    @aritzh of course yes, but just imagine mining coins with css
Add Comment