Not usual CSP bypass case

5 min readDec 12, 2022

--

CSP default-src ‘self’ — bypass using the error page.

INTRODUCTION

During one of the penetration tests, I managed to chain three application issues that finally enabled the execution of the Stored XSS vulnerability.

The vulnerability combines three flaws in the application:

Unrestricted file upload.

Karol Mazurek

Written by Karol Mazurek

Offensive Security Engineer

Recommended from Medium

shbugger1

How you can find your first bug using google

If you are a bug bounty hunter, you are already familiar with bugs like XSS, CSRF, SSRF etc, but as a beginner, they are usually hard to…

2 min readDec 7, 2022

--

Cyberninja717

Reflected Cross-Site Scripting Vulnerability in Ellucian Ethos Identity CAS Logout Page

By: Andrew Schoonmaker and Clint Kehr

3 min readMay 20

--

Lists

Staff Picks

329 stories82 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories105 saves

Productivity 101

20 stories114 saves

Subh Dhungana

How I Do Web Application Hacking, Bug Hunting and Perform VAPT | My Detailed VAPT Methodology

Web application security testing, also known as VAPT (Vulnerability Assessment and Penetration Testing), plays a crucial role in ensuring…

7 min readMay 17

--

ProfessorXSS

Reflected XSS — CloudFlare WAF Bypass 😉

Sometimes simple payloads help to bypass the WAF filter.

3 min readDec 13, 2022

--

𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐇𝐚𝐜𝐤𝐞𝐫

XSS WAF Bypass Trick

Basic Modification

3 min readMay 14

--

Vignesh
in
InfoSec Write-ups

Path Traversal Vulnerability

Hey Guys so today in this blog we going to discuss path traversal vulnerability which has a very high impact on bug bounty

4 min readMay 20

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech