Articles tagged with "Web Application Security" (1)
2016-07-21
Exploiting weak Content Security Policy (CSP) rules for fun and profit
This article is based on my findings during a bug bounty. I was looking for any input bugs which could trigger an XSS but didn’t find any until I tested the file upload functionality. Users had the option to drag & drop images into the …