From 306481ac24befece07282af4f3673f319143d726 Mon Sep 17 00:00:00 2001 From: Felipe Molina Date: Thu, 26 Oct 2023 18:30:16 +0100 Subject: [PATCH] Add new CSP bypasses through third-parties --- pentesting-web/content-security-policy-csp-bypass/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pentesting-web/content-security-policy-csp-bypass/README.md b/pentesting-web/content-security-policy-csp-bypass/README.md index 37a36631c..f139a5c73 100644 --- a/pentesting-web/content-security-policy-csp-bypass/README.md +++ b/pentesting-web/content-security-policy-csp-bypass/README.md @@ -288,7 +288,7 @@ https://www.youtube.com/oembed?callback=alert; The same vulnerability will occur if the **trusted endpoint contains an Open Redirect** because if the initial endpoint is trusted, redirects are trusted. ### Third Party Abuses -As described in the (following post)[https://sensepost.com/blog/2023/dress-code-the-talk/#bypasses], there are many third party domains, that might be allowed somewhere in the CSP, can be abused to either exfiltrate data or execute JavaScript code. Some of these third-parties are: +As described in the [following post](https://sensepost.com/blog/2023/dress-code-the-talk/#bypasses), there are many third party domains, that might be allowed somewhere in the CSP, can be abused to either exfiltrate data or execute JavaScript code. Some of these third-parties are: | Entity | Allowed Domain | Capabilities | |--------|----------------|--------------| 
@@ -315,7 +315,7 @@ or Content-Security-Policy​: connect-src www.facebook.com;​ ``` -You should be able to exfiltrate data, similarly as it has always be done with (Google Analytics)[https://www.humansecurity.com/tech-engineering-blog/exfiltrating-users-private-data-using-google-analytics-to-bypass-csp]/(Google Tag Manager)[https://blog.deteact.com/csp-bypass/]. In this case, you follow these general steps: +You should be able to exfiltrate data, similarly as it has always be done with [Google Analytics](https://www.humansecurity.com/tech-engineering-blog/exfiltrating-users-private-data-using-google-analytics-to-bypass-csp)/[Google Tag Manager](https://blog.deteact.com/csp-bypass/). In this case, you follow these general steps: 1. Create a Facebook Developer account here. 1. Create a new "Facebook Login" app and select "Website". @@ -332,7 +332,7 @@ fbq('trackCustom', 'My-Custom-Event',{​ }); ``` -As for the other seven third-party domains specified in the previous table, there are many other ways you can abuse them. Refer to the previously (blog post)[https://sensepost.com/blog/2023/dress-codethe-talk/#bypasses] for additional explanations about other third-party abuses. +As for the other seven third-party domains specified in the previous table, there are many other ways you can abuse them. Refer to the previously [blog post](https://sensepost.com/blog/2023/dress-codethe-talk/#bypasses) for additional explanations about other third-party abuses. ### Folder path bypass
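Review bot: in the first hunk (the "### Third Party Abuses" paragraph around line 288), the sentence remains ungrammatical after the link fix: "there are many third party domains, that might be allowed somewhere in the CSP, can be abused to either exfiltrate data or execute JavaScript code" has no main verb for "domains". Since the line is already being touched, suggest rewording it to "there are many third-party domains that might be allowed somewhere in the CSP and can be abused to either exfiltrate data or execute JavaScript code." The link-syntax change itself (`(text)[url]` to `[text](url)`) is correct, as the original would have rendered as literal text rather than a link.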
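Review bot: in the second hunk (the Facebook Pixel exfiltration paragraph around line 315), the step "1. Create a Facebook Developer account here." has no link target for "here", so the reader is sent nowhere; either add the URL for the developer portal or drop the word. The same line also still reads "similarly as it has always be done with", which should be "similarly to how it has always been done with". The repaired Google Analytics / Google Tag Manager links are otherwise fine.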
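Review bot: in the third hunk (the closing paragraph before "### Folder path bypass", around line 332), the URL `https://sensepost.com/blog/2023/dress-codethe-talk/#bypasses` is missing the hyphen between "code" and "the" that the first hunk's URL `https://sensepost.com/blog/2023/dress-code-the-talk/#bypasses` has, so the two links in this same section point at different paths and this one is most likely broken; please make it match the first. The wording "Refer to the previously blog post" is also missing a word and should read "Refer to the previously mentioned blog post". Finally, "the other seven third-party domains specified in the previous table" hard-codes a count that will silently go stale whenever a row is added to the table; consider "the other third-party domains".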