Web - Client

Monday 2 November 2020, 15:17  #1
CSP Bypass - Inline code
1uc1f3r616
  • 4 posts

I have XSS on the site, but I am not getting what to do next. I tried evaluating the FLAG_REDACTED but that did not help, no result.

What does this 'Only bot can view' mean here? Hidden tags? Accessing a variable?

If it is accessing a variable, then I am having a hard time fitting it inside alert.

Monday 2 November 2020, 18:40  #2
CSP Bypass - Inline code
diedi
  • 22 posts

It means only a bot on the server may evaluate the FLAG_REDACTED. If you know what CSP is all about you may get a clue on what to do to take advantage of it.

Wednesday 20 January 2021, 20:56  #3
CSP Bypass - Inline code
nachtblume
  • 1 post

Yeah, same problem, thx for the tip. Anyway, what is the best source on CSP? Is it "CSP Is Dead, Long Live CSP"?