原文出處:https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup
Dangling markup is a technique to steal the contents of the page without script by using resources such as images to send the data to a remote location that an attacker controls. It is useful when reflected XSS doesn't work or is blocked by Content Security Policy (CSP). The idea is you inject some partial HTML that is in an unfinished state such as a src attribute of an image tag, and the rest of the markup on the page closes the attribute but also sends the data in-between to the remote server.
文章圖片來源:https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup
前言引用來源:https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup
如文章侵犯,作者有疑義,請來信聯繫[email protected],將立即刪除,謝謝。
-------------------
如果你認同支持我們每日分享的文章的話,請幫我們按個讚並且點擊追蹤「搶先看」,這樣就可以快速獲得最新消息囉!
您的分享及點讚,是我們最大的動力來源。
https://www.facebook.com/LonelyPoPo/
