Hello, I am trying to find a way how to perform XSS in style tags. However it seems to me that unless I rely on deprecated or not fixed features of old browsers like :expression and -moz-binding the following pages cannot be exploted. Is it true? If so, could you give me a hint on how to exploit them?
Hello, I am trying to find a way how to perform XSS in style tags. However it seems to me that unless I rely on deprecated or not fixed features of old browsers like :expression and -moz-binding the following pages cannot be exploted. Is it true? If so, could you give me a hint on how to exploit them?
The testcases: /serverside/escapeHtml/css_style /serverside/escapeHtml/css_style_font_value /serverside/escapeHtml/css_style_value /serverside/encodeUrl/css_style /serverside/encodeUrl/css_style_value /serverside/encodeUrl/css_style_value