I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: portswigger.net/research/inl...
Replies
wait, and what's stopping you from url(--val) ?
aug 26, 2025, 1:22 pm • 0 0 • view
You can't control the prefix or you need a style import
aug 26, 2025, 1:24 pm • 0 0 • view
PoC: portswigger-labs.net/inline-style... Custom Action: github.com/PortSwigger/...
aug 26, 2025, 12:54 pm • 3 0 • view