Tags: csp xss
# Full WriteUp
Full Writeup on our website: [http://www.aperikube.fr/docs/easyctf_2018_fumblr/](http://www.aperikube.fr/docs/easyctf_2018_fumblr/)
-----
# TL;DR
After finding an XSS, I managed to bypass the CSP using the raw post functionality.
Then I made a payload to exfiltrate the admin’s hidden posts to my blog.