'Cross Site Scripting in CSS Stylesheets

Is it possible to use cross site scripting in a CSS stylesheet? For example a reference stylesheet contains malicious code, how would you do this? I know you can use style tags but what about stylesheets?

cssxss


Solution 1:[1]

The OWASP Mutillidae project has a Cascading Style Injection vulnerability example on page? http://localhost/mutillidae/index.php?page=set-background-color.php

Of course, you need to setup the env locally first. You can download and set it up on your localhost from the following link: https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project

Here is the relevant hint: https://github.com/hyprwired/mutillidae/blob/master/includes/hints-level-1/cascading-style-sheet-injection-hint.inc

Solution 2:[2]

yes its call Xsstc , read more in this article:

link

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2

Related Questions