CSP policy bypass and JavaScript execution: is it a valid bug?

"><svg/onload=alert(0)>

 
Dear all, I hope you are all doing great.

I have a question: if we have a CSP policy bypass and JavaScript execution, is it a valid bug?

How much can we damage the application?

Any similar PoC?
 

numaN

Growth Hacker
Staff member
Administrator
They are valid bugs. With this vulnerability, you can:
Deface the website,
Steal users' cookies and take over accounts,
Redirect victims to a harmful website,
Earn bitcoin through visitors' browsers,
Create fake phishing forms and take over accounts,
Log visitors' keyboards while they are surfing on the website,
Run bad-purposed JavaScript code in victims' browsers.
 

"><svg/onload=alert(0)>

 
Thank you so much for the clarification. Now I am searching for it accordingly :)
 