Interesting Bypassing CSP Nonces via the Browser's Disk Cache

abadon1969

abadon1969

Moderator
Staff member
MODERATOR
SUPREME
MEMBER
Joined
Sep 17, 2025
Messages
458
Reaction score
2,375
Deposit
0$
😈 Bypassing CSP Nonces via the Browser's Disk Cache

— This article describes a sophisticated technique for bypassing Content Security Policy (CSP) using nonce values by exploiting browser caching mechanisms.

Content Security Policy (CSP) is a security standard for web developers that restricts the sources from which scripts and design elements can be loaded when a website is opened in a browser.

The purpose of CSP is to reduce the risk of third-party code injection attacks, such as cross-site scripting (XSS).

The author will demonstrate how a combination of CSS injections, CSRF attacks, and the specific operation of bfcache and disk cache can lead to the execution of arbitrary JavaScript code even with strict CSP.
To view the content, you need to Sign In or Register.
 
You must log in or register to reply here.

Similar threads

Depov
SAML Authentication Attacks: XML Signature Wrapping, Golden SAML and bypassing the federal SSO
Replies
1
Views
178
Tofuos
T
Depov
Bypassing ML detectors to IDS: adversarial-attacks and testing the robustness of models
Replies
0
Views
123
Depov
Depov
Depov
Modern methods of bypassing WAF in tasks with non-standard XSS
Replies
1
Views
140
kamelli123
K
pinkman
NEWS Bypassing ASLR, remote code execution and 30 days of silence. What is known about the new vulnerability in nginx and why the details are still classif
Replies
0
Views
162
pinkman
pinkman
Depov
AiTM phishing: bypassing MFA through Evilginx, Modlishka and Murena
Replies
2
Views
209
Solian1
S
Top Bottom