Hey wassup everybody.I am security analyst analyzing malicious files and analyzing the attacks patterns, and also a bug bounty hunter.

What is Content-Security-Policy?

Content-Security-Policy is the name of a HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict how resources such as JavaScript, CSS, or pretty much anything that the browser loads.

Although it is primarily used as…

Starting the challenge

Low level — Understanding the application

We access a page asking us to submit the word “success” to win. Below the statement we find a text field and a submit button.

We try to send the word success but we get the message Invalid token.. Here is the request sent:

POST /vulnerabilities/javascript/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11…

Ayush Puri

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store