CSP Bypass (DAST) Templates #11526

Open · wants to merge 10 commits into main
Conversation

DhiyaneshGeek (Member)

Template / PR Information

  • Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
  • References:

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Additional References:

@DhiyaneshGeek self-assigned this Jan 24, 2025
@DhiyaneshGeek added the "Done: Ready to merge" label Jan 24, 2025
github-actions bot requested a review from ritikchaddha January 24, 2025 11:28
@DhiyaneshGeek (Member, Author)

Setup Instructions

```sh
mkdir youtube
cd youtube
npm install express
```

Create a file named youtube.js with the content below:

```js
const express = require('express');
const app = express();

// Vulnerable CSP header
app.use((req, res, next) => {
  // Allow scripts from youtube.com and disallow inline scripts
  res.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' https://www.youtube.com;");
  next();
});

// Route to display the payload from the query parameter
app.get('/xss', (req, res) => {
  const payload = req.query.payload || ''; // Retrieve 'payload' query parameter
  res.send(`
    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Vulnerable CSP Example with Payload</title>
      <style>
        body {
          background-color: lightblue;
        }
      </style>
    </head>
    <body>
      <h1>Welcome to the Vulnerable CSP Page</h1>
      <!-- Reflected without output encoding: this is the injection point the template fuzzes (intentional) -->
      <p>Injected Payload: ${payload}</p>
      <!-- You can test an external script here from youtube.com -->
      <script src="https://www.youtube.com/iframe_api"></script>
    </body>
    </html>
  `);
});

// Start the server
app.listen(8083, () => {
  console.log('Vulnerable site running at http://localhost:8083');
});
```

To run the created file:

```sh
node youtube.js
nuclei -u "http://localhost:8083/xss?payload=test" -t test.yaml -dast -debug -vv
```
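An added example, not part of this PR or the nuclei-templates project: the two checks a CSP-bypass DAST template has to make against the fixture above (is the effective script-src bypassable, and is the probe reflected without output encoding), written as plain Node.js functions so they run offline against the fixture's header and a constructed response body. The JSONP_HOSTS list, the probe and the sample bodies are constructed for this example; www.youtube.com is listed because it is the host the fixture whitelists and Google's CSP Evaluator flags it as hosting JSONP endpoints. hardenedCsp and escapeHtml are the fix such a finding should point at, not anything the PR contains.

```javascript
// Added example: the checks a CSP-bypass DAST template performs, as plain
// functions run over the fixture's header and response. Not part of the PR.
// JSONP_HOSTS, PROBE and the sample bodies are constructed for this example.
'use strict';

// Parse a Content-Security-Policy header into { directive: [source, ...] }.
// Directives are ';'-separated, sources whitespace-separated; the fixture's
// trailing ';' yields an empty entry that is skipped.
function parseCsp(header) {
  const policy = {};
  for (const raw of header.split(';')) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// script-src falls back to default-src; with neither, scripts are unrestricted.
function effectiveScriptSrc(policy) {
  return policy['script-src'] || policy['default-src'] || null;
}

// Hostname of a host-source (https://www.youtube.com, *.cdn.example:443/path);
// null for keywords, nonces, hashes and scheme-only sources such as 'https:'.
function hostOf(source) {
  if (source.startsWith("'")) return null;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return null;
  const noScheme = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '');
  return noScheme.split(/[\/:]/)[0].toLowerCase();
}

// Whitelisted origins that serve attacker-controllable script (JSONP callback
// endpoints): allowing them in script-src is bypassable even without
// 'unsafe-inline'. Constructed list seeded with the host the fixture allows.
const JSONP_HOSTS = ['www.youtube.com'];

// Audit the effective script-src; one finding per weak source.
function auditScriptSrc(policy, jsonpHosts = JSONP_HOSTS) {
  const sources = effectiveScriptSrc(policy);
  if (sources === null) return [{ source: null, reason: 'no-script-restriction' }];
  // Browsers that understand nonces/hashes ignore 'unsafe-inline' when one is present.
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/i.test(s));
  const findings = [];
  for (const source of sources) {
    const s = source.toLowerCase();
    if (s === "'unsafe-inline'" && !hasNonceOrHash) findings.push({ source, reason: 'unsafe-inline' });
    else if (s === "'unsafe-eval'") findings.push({ source, reason: 'unsafe-eval' });
    else if (s === '*') findings.push({ source, reason: 'wildcard' });
    else if (/^(https?|data|blob):$/.test(s)) findings.push({ source, reason: 'scheme-source' });
    else {
      const host = hostOf(s);
      if (host === null) continue;
      if (host.startsWith('*.')) findings.push({ source, reason: 'wildcard-subdomain' });
      else if (jsonpHosts.includes(host)) findings.push({ source, reason: 'jsonp-host' });
    }
  }
  return findings;
}

// Reflection check. The probe must carry an HTML metacharacter, otherwise an
// encoded reflection is indistinguishable from an unencoded one.
function isReflectedUnescaped(body, probe) {
  if (!/[<>"']/.test(probe)) throw new Error('probe needs an HTML metacharacter');
  return body.includes(probe);
}

// Hardened form of the fixture: encode on output, per-response nonce, no host whitelist.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function hardenedCsp(nonce) {
  return `default-src 'self'; script-src 'self' 'nonce-${nonce}'; object-src 'none'; base-uri 'self'`;
}

// Constructed inputs: the fixture's header and how its /xss route renders a probe.
const FIXTURE_CSP = "default-src 'self'; script-src 'self' https://www.youtube.com;";
const PROBE = '<b>csp-probe</b>';
const VULNERABLE_BODY = `<p>Injected Payload: ${PROBE}</p>`;
const HARDENED_BODY = `<p>Injected Payload: ${escapeHtml(PROBE)}</p>`;

// A bypass needs both conditions: a weak script-src and an unencoded injection point.
function assessResponse(cspHeader, body, probe) {
  const findings = auditScriptSrc(parseCsp(cspHeader));
  const reflected = isReflectedUnescaped(body, probe);
  return { findings, reflected, exploitable: reflected && findings.length > 0 };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(assessResponse(FIXTURE_CSP, VULNERABLE_BODY, PROBE), null, 2));
  console.log(JSON.stringify(assessResponse(hardenedCsp('r4nd0m'), HARDENED_BODY, PROBE), null, 2));
}
```

Running it with node prints both assessments: the fixture's policy is reported as bypassable solely because of the whitelisted JSONP-capable origin, with no 'unsafe-inline' in sight, which is the plausible-looking-but-weak policy class this fixture reproduces; the hardened response yields no findings and no unencoded reflection, so a template built on these checks does not fire on it.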

@DhiyaneshGeek added the "Status: In Progress" label (this issue is being worked on, and has someone assigned) and removed the "Done: Ready to merge" label Jan 27, 2025
@DhiyaneshGeek changed the title from "Create youtube-csp-xss.yaml" to "CSP Bypass (DAST) Templates" Jan 27, 2025