Web - Client

Monday 2 November 2020, 15:17  #1
CSP Bypass - Inline code
1uc1f3r616
  • 4 posts

I have XSS on the site, but I don't get what to do next. I tried evaluating the FLAG_REDACTED, but that did not help, no result.

What does this 'Only bot can view' mean here? Hidden tags? Accessing a variable?

If it is accessing a variable, then I am having a hard time fitting it inside alert.

Monday 2 November 2020, 18:40  #2
CSP Bypass - Inline code
diedi
  • 22 posts

It means only a bot on the server may evaluate the FLAG_REDACTED. If you know what CSP is all about, you may get a clue on what to do to take advantage of it.
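
The hint in the post above is "know what CSP is all about". As an added example, not code from the thread or from the challenge, here is the analysis that hint points to, written as a small policy analyser: given a Content-Security-Policy header it reports whether inline script may run, whether eval() may run, and which request kinds (image loads, fetch/XHR, form submission) may still reach an origin of your choosing, which is what decides whether a value only the bot can see can be carried out. The policies, page origin and collector URL are constructed for illustration; port matching is deliberately left out.

```javascript
// Added example, not from the thread or the challenge: a small CSP analyser.
// Policies and URLs used with it are constructed; port matching is omitted.

function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the spec the first occurrence of a directive wins; later ones are ignored.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Fetch directives fall back to default-src when absent; form-action does not,
// so a policy that never mentions form-action leaves form submission open.
const FALLS_BACK_TO_DEFAULT = new Set(['script-src', 'img-src', 'connect-src', 'style-src']);

function effectiveSources(policy, directive) {
  if (directive in policy) return policy[directive];
  if (FALLS_BACK_TO_DEFAULT.has(directive) && 'default-src' in policy) return policy['default-src'];
  return null; // no directive applies: unrestricted
}

function isKeyword(src) {
  return src.startsWith("'") && src.endsWith("'");
}

// Does one source expression permit a request to `target` (a URL object)?
function sourceMatches(src, target, pageOrigin) {
  const s = src.toLowerCase();
  if (isKeyword(s)) return s === "'self'" && target.origin === pageOrigin;
  if (s === '*') return !/^(data|blob|filesystem):$/.test(target.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s; // scheme-source, e.g. https:
  let host = s;
  const m = s.match(/^([a-z][a-z0-9+.-]*):\/\/(.*)$/);
  if (m) {
    if (target.protocol !== m[1] + ':') return false;
    host = m[2];
  }
  host = host.split('/')[0].split(':')[0]; // strip path and port
  if (host.startsWith('*.')) return target.hostname.endsWith(host.slice(1));
  return target.hostname === host;
}

function requestAllowed(policy, directive, url, pageOrigin) {
  const sources = effectiveSources(policy, directive);
  if (sources === null) return true;
  const target = new URL(url);
  return sources.some((src) => sourceMatches(src, target, pageOrigin));
}

// Summarise a policy from an attacker's point of view: can inline code run,
// can eval run, and which exfiltration channels still reach `exfilUrl`?
function analyzeCsp(header, pageOrigin, exfilUrl) {
  const policy = parseCsp(header);
  const script = effectiveSources(policy, 'script-src');
  const lower = script ? script.map((s) => s.toLowerCase()) : null;
  // CSP Level 2+ browsers ignore 'unsafe-inline' when a nonce or hash source
  // is present, and 'strict-dynamic' ignores it as well.
  const hasNonceOrHash = lower !== null && lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const strictDynamic = lower !== null && lower.includes("'strict-dynamic'");
  const inlineScript = lower === null ||
    (lower.includes("'unsafe-inline'") && !hasNonceOrHash && !strictDynamic);
  const evalAllowed = lower === null || lower.includes("'unsafe-eval'");
  const exfil = {};
  for (const directive of ['img-src', 'connect-src', 'form-action']) {
    exfil[directive] = requestAllowed(policy, directive, exfilUrl, pageOrigin);
  }
  return { inlineScript, evalAllowed, strictDynamic, hasNonceOrHash, exfil };
}

// Constructed sample: inline script is allowed, fetch/XHR and image loads to a
// foreign origin are not, but form-action was never set.
const SAMPLE_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline'";
console.log(JSON.stringify(
  analyzeCsp(SAMPLE_POLICY, 'https://app.example', 'https://attacker.example/collect'), null, 2));
```

Reading the report is the point: a policy can permit the inline payload and still close the obvious channels, so check img-src, connect-src and form-action separately rather than assuming that "inline allowed" means "exfiltration allowed".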

Wednesday 20 January 2021, 20:56  #3
CSP Bypass - Inline code
nachtblume
  • 1 posts

Yeah, same problem, thx for the tip. Anyway, what is the best source on CSP? Is it "CSP Is Dead, Long Live CSP"?