Sunday 11 April 2021, 11:44 #1
Web - Client: CSP Bypass - Inline code
Hi everyone,
In this challenge, I exploited XSS with “onerror of the img element” in the name field.
After that, I am trying to steal the bot’s cookie, so I think I should make a GET request to my RequestBin. But I’m stuck on how to send a GET request. I’ve tried to use img-src, xhttp, and jQuery, but all of them are blocked.
Can anyone give me some ideas for making an HTTP request or stealing the cookie? Thanks, all.
Sunday 11 April 2021, 20:11 #2
In this challenge (in addition to the CSP), the server performs checks on the link you send it.
You have to try some payloads in order to see what is allowed or not.
Little hints: encode something and try different functions for redirection.