Evading CSP with DOM-based dangling markup

Original source: https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup

Dangling markup is a technique for stealing the contents of a page without script, by using resources such as images to send the data to a remote location that an attacker controls. It is useful when reflected XSS doesn't work or is blocked by Content Security Policy (CSP). The idea is to inject partial HTML that is left in an unfinished state, such as the src attribute of an image tag; the rest of the markup on the page then closes the attribute, and everything in between is sent to the remote server.
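
A defensive check for the pattern described above, as an added example that is not from the original PortSwigger article: it scans a user-supplied HTML fragment and reports when the fragment ends inside an open tag or an unterminated quoted attribute. The function name `findDanglingMarkup` and the host `collector.example` are hypothetical, and the scanner is a simplification of HTML tokenization.

```javascript
// Added example (not PortSwigger's code): flag an HTML fragment that ends
// inside an open tag or an unterminated quoted attribute value.
// Simplified scanner for illustration, not a full HTML5 tokenizer.
function findDanglingMarkup(fragment) {
  let state = 'text';   // 'text' | 'tag' | 'value'
  let quote = '';       // quote character that opened the current value
  let tag = '';         // name of the tag currently open
  let last = '';        // last completed name inside the tag
  let word = '';        // name being accumulated

  const flush = () => {
    if (!word) return;
    if (!tag) tag = word;
    last = word;
    word = '';
  };

  for (let i = 0; i < fragment.length; i++) {
    const ch = fragment[i];
    if (state === 'text') {
      // Only "<" followed by a letter starts a tag that can carry attributes.
      if (ch === '<' && /[a-z]/i.test(fragment[i + 1] || '')) {
        state = 'tag'; tag = ''; last = ''; word = '';
      }
    } else if (state === 'tag') {
      if (ch === '>') state = 'text';
      else if (ch === '"' || ch === "'") { flush(); quote = ch; state = 'value'; }
      else if (/[\s=\/]/.test(ch)) flush();
      else word += ch.toLowerCase();
    } else if (ch === quote) {
      state = 'tag';    // value closed by its own quote character
    }
  }

  if (state === 'text') return null;  // fragment is self-contained
  flush();
  return state === 'value'
    ? { kind: 'open-attribute', tag, attribute: last }
    : { kind: 'open-tag', tag, attribute: null };
}

// Constructed sample inputs; collector.example is a placeholder host.
const samples = ['<b>hello</b>', '<img src="https://collector.example/?'];
for (const s of samples) console.log(JSON.stringify(s), findDanglingMarkup(s));
```

A non-null result means the fragment would leave markup open for the rest of the page to close, so it should be rejected or encoded before being reflected.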

Image source: https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup
Introduction quoted from: https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup
