Hey, wassup everybody. I am a security analyst analyzing malicious files and analyzing attack patterns, and also a bug bounty hunter.

What is Content-Security-Policy?

Content-Security-Policy is the name of an HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict how resources such as JavaScript, CSS, or pretty much anything else that the browser loads, are loaded.

Although it is primarily used as an HTTP response header, you can also apply it via a meta tag.

The term Content Security Policy is often abbreviated as CSP.
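
To make the restriction concrete, here is an added example (not from the original post) that parses a policy and decides whether a resource may load, including the fallback from a missing directive to default-src. It is a simplified model, and the policy, origin and example.com hosts are constructed for illustration.

```javascript
// Simplified CSP evaluator (added example). Models only 'none', 'self', *,
// scheme sources (https:) and host sources (cdn.example.com, *.example.com).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function matchesSource(source, url, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'self'") return url.origin === pageOrigin;
  if (src.startsWith("'")) return false; // other keywords, nonces, hashes: not modelled
  // Real browsers also let * match ws/wss; only http/https are modelled here.
  if (src === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src;
  // Host source, optionally prefixed with a scheme; ports and paths not modelled.
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)$/);
  if (!m) return false;
  if (m[1] && url.protocol !== m[1] + ':') return false;
  const host = m[2];
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

function isAllowed(policy, directive, resourceUrl, pageOrigin) {
  const directives = parseCsp(policy);
  // Fetch directives such as script-src fall back to default-src when absent.
  const sources = directives.get(directive) ?? directives.get('default-src');
  if (sources === undefined) return true; // nothing applies: no restriction
  if (sources.length === 0) return false; // empty source list behaves like 'none'
  if (sources.length === 1 && sources[0].toLowerCase() === "'none'") return false;
  const url = new URL(resourceUrl, pageOrigin);
  return sources.some((s) => matchesSource(s, url, pageOrigin));
}

// Constructed sample policy and page origin.
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com; img-src *";
const ORIGIN = 'http://localhost';
```

With this policy, a stylesheet from https://cdn.example.com is blocked even though scripts from that host are allowed, because style-src is absent and falls back to default-src 'self'.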

What types of attacks does Content-Security-Policy help mitigate?

CSP was first designed to reduce the attack surface of Cross Site Scripting (XSS) attacks; later versions of the spec also protect against other forms of attack…

Starting the challenge

Low level — Understanding the application

We access a page asking us to submit the word “success” to win. Below the statement we find a text field and a submit button.

We try to send the word “success”, but we get the message “Invalid token.” Here is the request sent:

POST /vulnerabilities/javascript/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/vulnerabilities/javascript/
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
DNT: 1
Connection: close
Cookie: PHPSESSID=c8f9p19iv3b8s0cm58d7pm1e25; security=low
Upgrade-Insecure-Requests: 1

It seems that the token sent is incorrect. After trying different phrases (“success”, “test”, “ChangeMe”), we notice that the…

