Add CSP bypass via JSONP endpoints section.

This commit is contained in:
EdOverflow 2017-10-28 19:16:27 +02:00 committed by GitHub
parent 8ca83f2dee
commit a201142cb5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -311,3 +311,21 @@ __ javascript:alert(document.domain)
```js ```js
{{constructor.constructor('alert(1)')()}} {{constructor.constructor('alert(1)')()}}
``` ```
**Content Security Policy (CSP) bypass via JSONP endpoints**
Grab the target's CSP:
```
curl -I http://example.com | grep 'Content-Security-Policy'
```
Either paste the CSP into https://csp-evaluator.withgoogle.com/ or just submit the target's address into the "Content Security Policy" field. The CSP Evaluator will notify you if one of the whitelisted domains has JSONP endpoints.
![image](https://user-images.githubusercontent.com/18099289/32136707-a1c12510-bc12-11e7-8a80-8a22b3e94232.png)
Now we can use a Google dork to find some JSONP endpoints on the domains listed above.
```
site:example.com inurl:callback
```