XSS - Angular Gadget Bypass CSP

前言

周末闲着看了一道国际赛的xss,用了angular的csti gadget来bypass script-src 'unsafe-eval' 'self'; object-src 'none'的csp,还挺有意思的,我前端还是太菜了。

WP

有空再写 咕咕咕

Proudly powered by Hexo and Theme by Hacker
© 2020 LFY