Articles tagged with "Web Application Security" (1)

2016-07-21

Exploiting weak Content Security Policy (CSP) rules for fun and profit

This article is based on my findings during a bug bounty. I was looking for any input bugs which could trigger a XSS but didn’t find any until I tested the file upload functionality. Users had the option to drag&drop images into the …