
CSP Bypass (DAST) Templates #11526

Open: wants to merge 16 commits into base branch main

Conversation

DhiyaneshGeek (Member)
Template / PR Information

  • Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
  • References:

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Additional References:

@DhiyaneshGeek DhiyaneshGeek self-assigned this Jan 24, 2025
@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Jan 24, 2025
@github-actions github-actions bot requested a review from ritikchaddha January 24, 2025 11:28
DhiyaneshGeek (Member, Author) commented Jan 24, 2025

Setup Instructions

mkdir csp-demo

cd csp-demo
npm install express

Create a file named server.js with the below content

const express = require('express');

const createServer = (port, cspDomain, domainName, title) => {
  const app = express();

  app.use((req, res, next) => {
    // Add a wildcard for subdomains to each CSP domain
    const cspHeader = `default-src 'self'; script-src 'self' ${cspDomain} *.${cspDomain.split('//')[1]}`;
    res.setHeader("Content-Security-Policy", cspHeader);
    next();
  });

  app.get('/', (req, res) => {
    res.send(`
      <html>
        <head>
          <title>${title}</title>
        </head>
        <body>
          <h1>Demo for ${cspDomain}</h1>
          <p>This is a simple demo page for ${cspDomain}.</p>
        </body>
      </html>
    `);
  });

  // Reflects the query parameter into the page unescaped on purpose:
  // this is the sink the DAST template probes.
  app.get('/xss', (req, res) => {
    const payload = req.query.payload || 'test';
    res.send(`
      <html>
        <head>
          <title>XSS Test</title>
        </head>
        <body>
          <h1>XSS Test for ${cspDomain}</h1>
          <div>${payload}</div>
        </body>
      </html>
    `);
  });

  app.listen(port, () => {
    console.log(`Server for ${domainName} running at http://localhost:${port}`);
  });
};

// Create servers for each setup
createServer(2002, 'https://acs.aliexpress.com', 'https://acs.aliexpress.com, aliexpress.com', 'Content-Security-Policy Bypass via AliExpress Demo');

To run the created file

node server.js
nuclei -u http://localhost:2002 -t test.yaml -dast -headless -vv
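The demo server above deliberately emits a CSP whose script-src allow-lists a whole third-party host plus all of its subdomains, which is exactly the class of policy these templates are meant to flag. As an added example (not code from the PR or from the nuclei project), the checker below parses a CSP header, reports the weak script-src patterns a defender would want to remove (allow-listed hosts, wildcard subdomains, unsafe keywords, no nonce or hash, unrestricted base-uri), and includes the output-escaping helper the /xss handler lacks. The function names, the hardened policy and the sample headers are constructed for this example.

```javascript
// Added example, not part of the PR. Constructed sample headers:
// DEMO_CSP is what server.js above sends; HARDENED_CSP is a nonce-based
// replacement written for this example (the nonce value is a placeholder and
// must be generated per response in a real server).
const DEMO_CSP =
  "default-src 'self'; script-src 'self' https://acs.aliexpress.com *.acs.aliexpress.com";
const HARDENED_CSP =
  "default-src 'self'; script-src 'nonce-EXAMPLE_NONCE' 'strict-dynamic'; object-src 'none'; base-uri 'none'";

// Parse a CSP header into { directiveName: [sourceExpressions] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Classify one script-src source expression.
function classifySource(src) {
  const s = src.toLowerCase();
  if (s === "'unsafe-inline'" || s === "'unsafe-eval'") return 'unsafe-keyword';
  if (s === '*' || s === 'https:' || s === 'http:' || s === 'data:') return 'scheme-or-wildcard';
  if (/^'(nonce|sha256|sha384|sha512)-/.test(s)) return 'nonce-or-hash';
  if (s === "'self'" || s === "'strict-dynamic'" || s === "'none'") return 'keyword';
  if (/^(https?:\/\/)?\*\./.test(s)) return 'wildcard-subdomain';
  return 'host';
}

// Return a list of human-readable findings about script execution controls.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  const scriptSrc = policy['script-src'] || policy['default-src'];
  if (!scriptSrc) {
    findings.push('no script-src or default-src: scripts may load from any origin');
    return findings;
  }
  const hasNonceOrHash = scriptSrc.some(s => classifySource(s) === 'nonce-or-hash');
  const strictDynamic = scriptSrc.some(s => s.toLowerCase() === "'strict-dynamic'");
  for (const src of scriptSrc) {
    const kind = classifySource(src);
    if (kind === 'unsafe-keyword') findings.push(`script-src allows ${src}`);
    else if (kind === 'scheme-or-wildcard') findings.push(`script-src allows any host via ${src}`);
    else if (kind === 'wildcard-subdomain') findings.push(`script-src trusts every subdomain of ${src}`);
    // With 'strict-dynamic' host sources are ignored by supporting browsers,
    // so a whole-host allow-list is only a finding without it.
    else if (kind === 'host' && !strictDynamic)
      findings.push(`script-src allow-lists a whole host (${src}); any script that host serves can run`);
  }
  if (!hasNonceOrHash)
    findings.push('script-src has no nonce or hash source; scripts are not bound to this page');
  // base-uri does not fall back to default-src, so it must be set explicitly.
  if (!policy['base-uri']) findings.push('base-uri is not restricted');
  if (!policy['object-src'] && !policy['default-src']) findings.push('object-src is not restricted');
  return findings;
}

// HTML-escape a value before reflecting it into markup (what /xss should do).
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, c => map[c]);
}

// Render the demo's /xss body with the payload escaped.
function renderXssPage(payload) {
  return `<div>${escapeHtml(payload)}</div>`;
}

// Stand-alone run: print the audit of both sample policies.
for (const [label, header] of [['demo', DEMO_CSP], ['hardened', HARDENED_CSP]]) {
  const findings = auditCsp(header);
  console.log(`${label}: ${findings.length} finding(s)`);
  for (const f of findings) console.log(`  - ${f}`);
}
```

Running the block reports four findings for the demo policy (whole-host allow-list, wildcard subdomains, no nonce or hash, unrestricted base-uri) and none for the nonce-based policy; a DAST template such as the ones in this PR confirms the first two from the outside, while the checker lets the owner of the header fix them before scanning.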


@DhiyaneshGeek DhiyaneshGeek added Status: In Progress This issue is being worked on, and has someone assigned. and removed Done Ready to merge labels Jan 27, 2025
@DhiyaneshGeek DhiyaneshGeek changed the title Create youtube-csp-xss.yaml CSP Bypass (DAST) Templates Jan 27, 2025
@DhiyaneshGeek DhiyaneshGeek added Done Ready to merge and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Feb 10, 2025