Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-21 20:23:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-3993: change request with no subject merged in GitBook

Browse source
This commit is contained in:
CPol 2023-06-26 10:50:26 +00:00 committed by gitbook-bot
parent 1b10ed65e2
commit 5626c2fdf6
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pentesting-web/content-security-policy-csp-bypass/README.md
View file

@ -437,6 +437,12 @@ run();
</script>
```
### Via Bookmarklets
This attack would imply some social engineering where the attacker **convinces the user to drag and drop a link over the bookmarklet of the browser**. This bookmarklet would contain **malicious javascript** code that when drag\&dropped or clicked would be executed in the context of the current web window, **bypassing CSP and allowing to steal sensitive information** such as cookies or tokens.
For more information [**check the original report here**](https://socradar.io/csp-bypass-unveiled-the-hidden-threat-of-bookmarklets/).
### [CVE-2020-6519](https://www.perimeterx.com/tech-blog/2020/csp-bypass-vuln-disclosure/)
```javascript