Not usual CSP bypass case

CSP default-src ‘self’ — bypass using the error page.

INTRODUCTION

During one of the penetration tests, I managed to chain three application issues that finally enabled the execution of the Stored XSS vulnerability.

The vulnerability combines three flaws in the application:

1. Unrestricted file upload.