this post was submitted on 02 Jul 2023
1 points (100.0% liked)

appsec

331 readers
3 users here now

A community for all things related to application security.

founded 1 year ago
MODERATORS
laszlok@infosec.pub
1
Bypassing CSP via DOM clobbering (portswigger.net)
submitted 1 year ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink hide all child comments
 

You might have found HTML injection, but unfortunately identified that the site is protected with CSP. All is not lost, it might be possible to bypass CSP using DOM clobbering, which you can now detect using DOM Invader! In this post we’ll show you how.

We’ve based the test case on a bug bounty site, so you’re likely to encounter similar code in the wild. If you’re unfamiliar with DOM clobbering then head over to our Academy to learn about this attack class and solve the labs.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here