Luke Sheppard

Same error for me on Kali Linux. No screenshots in the directory either.

Sitepoint has a good page documenting [CSS expressions](http://reference.sitepoint.com/css/expression).

I first heard of CSS expressions as an XSS payload from a publicly disclosed bug on hackerone.com: [Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web...

This attack targets older IE browsers. But it supposedly works with Chrome, which I will test.

Tested the XSS link in the HTML file. It successfully stole the `admin` user's `PHPSESSID` cookie and sent it to the Python listener: ```code 2017-02-11 06:49 AM - 192.168.0.254 Mozilla/5.0...