I found another one doing the exact same thing as the previous remote style sheet XSS filter evasion, although this one uses a style tag instead of a link tag. I like this because it doesn’t use any Javscript directives, script tags or event handlers.

This entry was posted on Thursday, January 1st, 1970 at 12:00 am and is filed under XSS, Webappsec. You can leave a response as well.