Although it is primarily used as an HTTP response header, you can also apply it via a meta tag.
The term Content Security Policy is often abbreviated as CSP.
CSP was first designed to reduce the attack surface of Cross-Site Scripting (XSS) attacks; later versions of the spec also protect against other forms of attack…
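As an added example (not code from the original walkthrough or from DVWA), the script below parses a CSP string the way a browser would split it into directives, flags script sources that leave XSS unrestricted, and renders the same policy as the meta-tag form mentioned above. The policy strings and the weak-source list are constructed for illustration.

```python
# Added example: parse a Content-Security-Policy value, audit its effective
# script-src, and emit the equivalent <meta http-equiv=...> tag.
from html import escape

# Script sources that defeat CSP's XSS protection (constructed list for this example).
WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(policy: str) -> dict:
    """Split "dir a b; dir2 c" into {"dir": ["a", "b"], "dir2": ["c"]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name, *sources = tokens
        # Per the spec, a repeated directive name is ignored: the first one wins.
        directives.setdefault(name.lower(), sources)
    return directives


def effective_script_sources(directives: dict) -> list:
    """script-src falls back to default-src when it is not set at all."""
    if "script-src" in directives:
        return directives["script-src"]
    return directives.get("default-src", [])


def audit_csp(policy: str) -> list:
    """Return human-readable findings for script sources that allow arbitrary script."""
    sources = effective_script_sources(parse_csp(policy))
    if not sources:
        return ["no script-src or default-src: inline and remote scripts are unrestricted"]
    # When a nonce or hash is present, CSP2+ browsers ignore 'unsafe-inline'.
    has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in sources)
    findings = []
    for src in sources:
        if src.lower() == "'unsafe-inline'" and has_nonce_or_hash:
            continue
        if src.lower() in WEAK_SCRIPT_SOURCES:
            findings.append(f"script-src allows {src}")
    return findings


def csp_meta_tag(policy: str) -> str:
    """Render the policy in the meta-tag form instead of the response header."""
    return f'<meta http-equiv="Content-Security-Policy" content="{escape(policy, quote=True)}">'


WEAK_POLICY = "script-src 'self' 'unsafe-inline' *; object-src 'none'"
HARDENED_POLICY = "default-src 'none'; script-src 'self'; object-src 'none'; base-uri 'none'"

if __name__ == "__main__":
    for label, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, audit_csp(pol) or ["no weak script sources found"])
        print(csp_meta_tag(pol))
```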
We access a page asking us to submit the word “success” to win. Below the statement we find a text field and a submit button.
We try to send the word “success” but we get the message “Invalid token.” Here is the request sent:
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=c8f9p19iv3b8s0cm58d7pm1e25; security=low
It seems that the token sent is incorrect. After trying different phrases (“success”, “test”, “ChangeMe”), we notice that the…