Showing 1 result for: April 2011 ×Penetration Testing ×

CSS and XSS in Melodious Harmony

Web application penetration testers, have you ever run into a situation where you can inject into the attribute of a tag and break out of the attribute, but not the tag? For those who can only <script> //<![CDATA[ alert('XSS') //]]>// </script> this is a...