Tags: csp-bypass csp
# Challenge Name: babycsp
Vulnerability: Cross-Site Scripting (XSS)
Solution: Bypass Content Security Policy (CSP)
I heard CSP is all the rage now. It's supposed to fix all the XSS, kill all of the confused deputies, and cure cancer?
The flag is in the cookies
**Part 0x01 - Information Gathering**
The author wants us to bypass the Content Security Policy (CSP) to get the flag from the cookies. For this kind of challenge we need a Cross-Site Scripting (XSS) payload that runs in the admin's browser and exfiltrates the admin's cookie to us. The website has two functions: the first one creates a post, and the second one reports a post to the admin, which makes the admin visit it.
The CSP in the website has the following policy: `default-src 'self'; script-src 'self' *.google.com; connect-src *`
The `script-src` directive allows `*.google.com`, i.e. any subdomain of google.com, which could allow us to bypass the CSP: some Google subdomains host JSONP endpoints that echo an attacker-controlled callback name into a script response, so loading one of those with a `<script src>` satisfies the policy while executing our code. `connect-src *` then lets that code send the cookie to any origin with `fetch` or XHR.
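The two properties the bypass relies on, a `script-src` host allowlist that covers a JSONP-serving host and a fetch directive open to any origin, can be checked mechanically. The following is an added example, not code from the challenge or from this write-up: a small CSP triage script that parses the header, applies (simplified) CSP host-source matching, and reports both weaknesses, then shows the same checks passing on an assumed nonce-based policy. The JSONP host entry, the `'nonce-r4nd0m'` value and the hardened policy are assumptions for illustration.

```python
"""CSP triage for the babycsp policy. Added example, not the challenge's code.
Parses a Content-Security-Policy header and flags (a) a script-src allowlist that
admits a JSONP-serving host and (b) fetch directives that allow exfiltration to
any origin. Path and port components of host-sources are ignored, so results are
a conservative over-approximation of what the policy really allows."""

# Assumed for this example: hosts known to serve JSONP-style responses
# (callback name echoed into a script body). Not an authoritative list.
JSONP_HOSTS = {"www.google.com"}

# Source expressions that are not host-sources and never grant a JSONP host.
NON_HOST_PREFIXES = ("'", "data:", "blob:", "filesystem:")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source, ...]}; first occurrence wins."""
    policy: dict[str, list[str]] = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])
    return policy


def host_matches(source: str, host: str) -> bool:
    """Simplified CSP host-source matching: '*' matches everything, a scheme-source
    such as 'https:' matches every host, '*.example.com' matches subdomains only
    (not the apex), anything else must match exactly. Scheme, port and path are
    stripped, which over-approximates a path-restricted source such as
    https://www.google.com/recaptcha/."""
    src = source.lower()
    if src.endswith(":") and "://" not in src:
        return True  # scheme-source
    if "://" in src:
        src = src.split("://", 1)[1]
    src = src.split("/", 1)[0].split(":", 1)[0]
    if src == "*":
        return True
    if src.startswith("*."):
        return host.endswith(src[1:])  # ".google.com": subdomains, not the apex
    return host == src


def jsonp_script_sources(policy, jsonp_hosts=JSONP_HOSTS):
    """Return (source, host) pairs where script-src (or its default-src fallback)
    admits a host that serves JSONP, i.e. an allowlist bypass."""
    sources = policy.get("script-src", policy.get("default-src", ["*"]))
    if "'strict-dynamic'" in sources:
        return []  # CSP3: host-sources are ignored when 'strict-dynamic' is present
    findings = []
    for src in sources:
        if src.lower().startswith(NON_HOST_PREFIXES):
            continue  # 'self', 'nonce-...', 'sha256-...', data: etc.
        for host in sorted(jsonp_hosts):
            if host_matches(src, host):
                findings.append((src, host))
    return findings


def open_exfil_directives(policy):
    """Directives that let injected script send data to an arbitrary origin.
    connect-src and img-src fall back to default-src when absent; form-action has
    no fallback, so omitting it leaves form submission unrestricted."""
    open_dirs = []
    for directive in ("connect-src", "img-src"):
        sources = policy.get(directive, policy.get("default-src", ["*"]))
        if any(s in ("*", "https:", "http:") for s in sources):
            open_dirs.append(directive)
    if "*" in policy.get("form-action", ["*"]):
        open_dirs.append("form-action")
    return open_dirs


# The policy from the challenge.
WEAK = "default-src 'self'; script-src 'self' *.google.com; connect-src *"

# Assumed hardened policy: a nonce plus 'strict-dynamic' replaces the host
# allowlist, so an allowlisted JSONP host no longer helps, and the exfil
# directives are closed to same-origin only.
HARDENED = ("default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; "
            "connect-src 'self'; img-src 'self'; form-action 'self'; "
            "object-src 'none'; base-uri 'none'")


if __name__ == "__main__":
    for name, header in (("weak", WEAK), ("hardened", HARDENED)):
        p = parse_csp(header)
        print(name, "jsonp:", jsonp_script_sources(p), "exfil:", open_exfil_directives(p))
```

On the challenge policy the script reports `*.google.com` as admitting `www.google.com` and lists `connect-src` (and the absent `form-action`) as open exfiltration channels; note that `img-src` is not open, because it falls back to `default-src 'self'`, so an `<img src="https://attacker/...">` beacon would be blocked and the cookie has to leave via `fetch`/XHR.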
**Part 0x02 - Vulnerability Exploitation**
The first thing we need to do is get an XSS to execute, so we have to look for a Google endpoint that could help us bypass the CSP.
Luckily, PayloadsAllTheThings has a payload to [bypass CSP using a Google JSONP endpoint](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection#bypass-csp-using-jsonp-from-google-trick-by-apfeifer27).
The final payload would be:
Please note that I am playing with the hackstreetboys team, and this challenge was first solved by my teammate, Ameer.
Thanks for reading.