Add CSP bypass via JSONP endpoints section.
EdOverflow authored Oct 28, 2017
1 parent 8ca83f2 commit a201142
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions cheatsheets/xss.md
Expand Up @@ -311,3 +311,21 @@ __ javascript:alert(document.domain)
```js
{{constructor.constructor('alert(1)')()}}
```
**Content Security Policy (CSP) bypass via JSONP endpoints**
Grab the target's CSP:
```
curl -I http://example.com | grep 'Content-Security-Policy'
```
Either paste the CSP into https://csp-evaluator.withgoogle.com/ or just submit the target's address into the "Content Security Policy" field. The CSP Evaluator will notify you if one of the whitelisted domains has JSONP endpoints.
![image](https://user-images.githubusercontent.com/18099289/32136707-a1c12510-bc12-11e7-8a80-8a22b3e94232.png)
Now we can use a Google dork to find some JSONP endpoints on the domains listed above.
```
site:example.com inurl:callback
```
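Review bot: the header grab in the first snippet is case-sensitive, so `grep 'Content-Security-Policy'` misses servers that emit the header as `content-security-policy` (HTTP header names are case-insensitive, and many CDNs and HTTP/2 front ends lower-case them); use `grep -i 'content-security-policy'`. Two related caveats worth a sentence in the text: `curl -I` sends a HEAD request, and some origins answer HEAD with a different (or no) policy than they attach to GET, so `curl -s -D - -o /dev/null http://example.com | grep -i 'content-security-policy'` is the more reliable form; and a policy delivered only via `<meta http-equiv="Content-Security-Policy">` in the HTML body will never appear in the response headers at all. Minor style point: the two new fences are untagged while the block just above uses ```js; tagging them ```bash and ```text keeps the cheatsheet consistent.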
