diff --git a/pentesting-web/content-security-policy-csp-bypass/README.md b/pentesting-web/content-security-policy-csp-bypass/README.md index b93de458f..1d5ff9e50 100644 --- a/pentesting-web/content-security-policy-csp-bypass/README.md +++ b/pentesting-web/content-security-policy-csp-bypass/README.md @@ -12,10 +12,9 @@ +
-
- -**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs** +[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs** 🐞 Read web3 bug tutorials @@ -23,9 +22,6 @@ 💬 Participate in community discussions - - - ## What is CSP Content Security Policy or CSP is a built-in browser technology which **helps protect from attacks such as cross-site scripting (XSS)**. It lists and describes paths and sources, from which the browser can safely load resources. The resources may include images, frames, javascript and more. Here is an example of resources being allowed from the local domain (self) to be loaded and executed in-line and allow string code executing functions like `eval`, `setTimeout` or `setInterval:` @@ -250,7 +246,7 @@ The post shows that you could **load** all **libraries** from `cdn.cloudflare.co ### Third Party Endpoints + JSONP ```http -Content-Security-Policy: script-src 'self' https://www.google.com; object-src 'none'; +Content-Security-Policy: script-src 'self' https://www.google.com https://www.youtube.com; object-src 'none'; ``` Scenarios like this where `script-src` is set to `self` and a particular domain which is whitelisted can be bypassed using JSONP. JSONP endpoints allow insecure callback methods which allow an attacker to perform XSS, working payload: @@ -260,6 +256,11 @@ Scenarios like this where `script-src` is set to `self` and a particular domain "> ``` +```html +https://www.youtube.com/oembed?callback=alert; + +``` + [**JSONBee**](https://github.com/zigoo0/JSONBee) **contains ready to use JSONP endpoints to CSP bypass of different websites.** The same vulnerability will occur if the **trusted endpoint contains an Open Redirect** because if the initial endpoint is trusted, redirects are trusted. @@ -462,10 +463,9 @@ img-src https://chall.secdriven.dev https://doc-1-3213.secdrivencontent.dev http Trick from [**here**](https://ctftime.org/writeup/29310). +
-
- -**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs** +[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs** 🐞 Read web3 bug tutorials @@ -473,9 +473,6 @@ Trick from [**here**](https://ctftime.org/writeup/29310). 💬 Participate in community discussions - - - ## Unsafe Technologies to Bypass CSP ### PHP response buffer overload @@ -594,9 +591,9 @@ If you know how to exfiltrate info with WebRTC [**send a pull request please!**] ​ -
+
-**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs** +[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs** 🐞 Read web3 bug tutorials @@ -604,9 +601,6 @@ If you know how to exfiltrate info with WebRTC [**send a pull request please!**] 💬 Participate in community discussions - - -
🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥
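Review bot: in the JSONP hunk (`@@ -260,6 +256,11 @@`) the new fenced block is tagged `html` but contains only the bare URL `https://www.youtube.com/oembed?callback=alert;` followed by an empty line, with no `<script src=...>` element and no sentence explaining it, so it does not match the form of the existing payload directly above it and a reader cannot tell how the endpoint is meant to be loaded under the shown policy; either present it the same way as the preceding example or add one line stating that the accompanying change to the `Content-Security-Policy` line (adding `https://www.youtube.com` to `script-src`) is what makes this endpoint relevant, since the surrounding prose still says "a particular domain which is whitelisted" in the singular. Also confirm whether the trailing `;` in `callback=alert;` is intended or a typo. The defensive takeaway already implied by the existing sentence "JSONP endpoints allow insecure callback methods" is worth stating explicitly next to the example: an allow-listed origin that serves any endpoint with a caller-controlled callback name undermines the whole `script-src` allow-list.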
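Review bot: the three HackenProof banner hunks (`@@ -12,10 +12,9 @@`, `@@ -462,10 +463,9 @@`, `@@ -594,9 +591,9 @@`) make the identical markdown change to the same copied block in three places, and the three companion hunks (`@@ -23,9 +22,6 @@`, `@@ -473,9 +473,6 @@`, `@@ -604,9 +601,6 @@`) each just strip the same trailing blank lines; since the block is duplicated verbatim throughout the README, consider keeping it as a single shared snippet so future edits to the banner are made once rather than three times.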