CSP Bypass

• https://twitter.com/CurtBraz/status/1180372698167435265?ref_src=twsrc%5Etfw%7Ctwcamp%5Eembeddedtimeline%7Ctwterm%5Ecollection%3A1183061305483239424%7Ctwcon%5Etimelinechrome&ref_url=https%3A%2F%2Ftwitter.com%2Fpentesterland%2Ftimelines%2F1183061305483239424

• #JSONP: <script src="https://trustedsite/jsonp?callback=payload"> #AngularJS <script src="https://trustedsite/angularjs/1.1.3/angularjs.min.js"> <div ng-app ng-csp id=p ng-click=$event.view.alert(1)> #BugBountyTip

• JSONP can be a serious security vulnerability. Another good read from my colleague :) Accessing cross-site data using JSONPsjoerdlangkemper.nl

• https://medium.com/@bhaveshthakur2015/content-security-policy-csp-bypass-techniques-e3fa475bfe5d

• If CSP policy points to a dir and you use %2f to encode "/", it is still considered to be inside the dir. All browsers seem to agree on that. This leads to a possible bypass, by using "%2f..%2f" if server decodes it, example: https://jsbin.com/werevijewa/edit?html,output…

• https://medium.com/@bhaveshthakur2015/content-security-policy-csp-bypass-techniques-e3fa475bfe5d

• http://ghostlulz.com/content-security-policy-csp-bypasses/

• https://medium.com/@bhaveshthakur2015/content-security-policy-csp-bypass-techniques-e3fa475bfe5d

• https://github.com/zigoo0/JSONBee

• https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/csp-host-checker.py

• https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/

• https://2018.zeronights.ru/wp-content/uploads/materials/3%20ZN2018%20WV%20-%20CSP%20bypass.pdf

• https://dropbox.tech/security/unsafe-inline-and-nonce-deployment

• https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa/

• https://scotthelme.co.uk/content-security-policy-an-introduction/

• https://scotthelme.co.uk/csp-cheat-sheet/

• https://barryvanveen.nl/blog/47-how-to-prevent-the-use-of-unsafe-inline-in-csp

• https://www.netsparker.com/blog/web-security/negative-impact-incorrect-csp-implementations/

• https://content-security-policy.com/unsafe-inline/

Articles:

• https://ritiksahni.me/content-security-policy