How To Bypass CSP By Hiding JavaScript In A PNG Image
↳ https://www.secjuice.com/hiding-javascript-in-png-csp-bypass/
Hide a malicious JavaScript library into a PNG image and tweet it, then include it in a vulnerable website by exploiting a XSS bypassing its Content-Security-Policy (CSP). It’s not Sci-Fi… it’s HTML Canvas….
from Hack+ https://ift.tt/2JIghXT
via IFTTT
Няма коментари:
Публикуване на коментар