Vulnerability: Content Security Policy (CSP) Bypass
As Pastebin and Hastebin have stopped working, here are some scripts that may, or may not help.
- https://digi.ninja/dvwa/alert.js
- https://digi.ninja/dvwa/alert.txt
- https://digi.ninja/dvwa/cookie.js
- https://digi.ninja/dvwa/forced_download.js
- https://digi.ninja/dvwa/wrong_content_type.js
Pretend these are on a server like Pastebin and try to work out why some work and some do not work. Check the help for an explanation if you get stuck.
More Information
- Content Security Policy Reference
- Mozilla Developer Network - CSP: script-src
- Mozilla Security Blog - CSP for the web we have
Module developed by Digininja.
Username: Unknown
Security Level: low
Locale: en
SQLi DB: mysql
Security Level: low
Locale: en
SQLi DB: mysql