
Let’s take a look at an example of a form that shows significant weaknesses
with CSS. Two of the key tricks of performing CSS tests are to make sure that
your activity remains benign and to keep an eye on the placement of the
injection. Just because you try some HTML within the query string and it doesn’t
work, that doesn’t mean there is no weakness. In the next chapter we’ll cover
some detailed examples of filter bypassing to perform CSS even when a vendor
believes it has fixed the problem. Let’s take a look at a simple example.
Comcast is a known target for phishing because it allows phishers to gain
access to personal and possibly confidential infor ...