Tag: PortSwigger

CSS Injection Can Now Steal Data with Just One Line of Code
PortSwigger researcher Gareth Heyes has unveiled a novel technique for stealing data directly from HTML attributes using inline CSS, without relying on selectors or external style sheets. The discovery was made possible by the introduction of conditional if() expressions in Chromium-based browsers. The method exploits a combination of the attr() and style() functions, enabling the…

HTTP/1.1 Must Die: Why This 6-Year-Old Vulnerability Is Still a Major Threat
Six years ago, researchers at PortSwigger first identified a fundamental flaw in the HTTP/1.1 protocol—one that enables HTTP Request Smuggling attacks. Despite being publicly known since 2019, the vulnerability remains unresolved and continues to pose a serious threat: attackers can manipulate or inject requests at the infrastructure level, gaining access to sensitive data and control…