Re: XSRF via CSP policy-uri

2009-06-24 Thread Serge van den Boom
On 2009-06-24, Brandon Sterne wrote:
> So the premise is that the site already has a CSRF vuln and a header
> injection vuln, and Content Security Policy provides a new way for an
> attacker to forge a request from the victim to the target site.

Right.

> How did the attacker get the victim to vi

Re: XSRF via CSP policy-uri

2009-06-24 Thread Serge van den Boom
On 2009-06-23, Bil Corry wrote:
> Serge van den Boom wrote on 6/23/2009 3:48 PM:
>> On 2009-06-23, Bil Corry wrote:
>>> Serge van den Boom wrote on 6/23/2009 8:13 AM:
>>>> However, by injecting an X-Content-Security-Policy header with the
>>>> pol

Re: XSRF via CSP policy-uri

2009-06-23 Thread Serge van den Boom
On 2009-06-23, Bil Corry wrote:
> Serge van den Boom wrote on 6/23/2009 8:13 AM:
>> However, by injecting an X-Content-Security-Policy header with the
>> policy-uri set to the vulnerable URL, the web client can be tricked into
>> visiting the vulnerable URL.
>
> I

XSRF via CSP policy-uri

2009-06-23 Thread Serge van den Boom
Hi,

If I'm not mistaken, there is a hypothetical situation where CSP can be
used to the benefit of an attacker. Consider the scenario where:

* the website contains a stored header injection vulnerability,
* the website contains a XSRF vulnerability, and
* the web client supports CSP.

To exploit a