Liked
Stealing passwords from infosec Mastodon - without bypassing CSP
![](https://portswigger.net/cms/images/40/32/b07e-twittercard-mastodon_twitter.png)
Post details
The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose
![](https://portswigger.net/cms/images/40/32/b07e-twittercard-mastodon_twitter.png)
This post was filed under likes.
Interactions with this post
Interactions with this post
Below you can find the interactions that this page has had using WebMention.
Have you written a response to this post? Let me know the URL:
Do you not have a website set up with WebMention capabilities? You can use Comment Parade.