PDO Prepared Statements

2025-07-26 15:21:23 +02:00
parent 61fa0020c5
commit ac73b0c619
2 changed files with 81 additions and 6 deletions
--- a/Injection/4
+++ b/Injection/4
@@ -4,7 +4,7 @@

 ## Summary

- [CSP Detection](#csp-detection)
+- [Tools](#tools)
 - [Bypass CSP using JSONP](#bypass-csp-using-jsonp)
 - [Bypass CSP default-src](#bypass-csp-default-src)
 - [Bypass CSP inline eval](#bypass-csp-inline-eval)
@@ -16,9 +16,10 @@
 - [Labs](#labs)
 - [References](#references)

-## CSP Detection
+## Tools

-Check the CSP on [https://csp-evaluator.withgoogle.com](https://csp-evaluator.withgoogle.com) and the post : [How to use Google’s CSP Evaluator to bypass CSP](https://websecblog.com/vulns/google-csp-evaluator/)
+- [gmsgadget.com](https://gmsgadget.com/) - GMSGadget (Give Me a Script Gadget) is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.
+- [csp-evaluator.withgoogle.com](https://csp-evaluator.withgoogle.com) - CSP Evaluator allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks.

 ## Bypass CSP using JSONP

@@ -173,5 +174,6 @@ Source: [@pilvar222](https://twitter.com/pilvar222/status/1784618120902005070)
 ## References

 - [Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities - Brett Buerhaus (@bbuerhaus) - March 8, 2017](https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/)
- [D1T1 - So We Broke All CSPs - Michele Spagnuolo and Lukas Weichselbaum - 27 Jun 2017](http://web.archive.org/web/20170627043828/https://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Michele%20Spagnuolo%20and%20Lukas%20Wilschelbaum%20-%20So%20We%20Broke%20All%20CSPS.pdf)
- [Making an XSS triggered by CSP bypass on Twitter - wiki.ioin.in(查看原文) - 2020-04-06](https://www.buaq.net/go-25883.html)
+- [D1T1 - So We Broke All CSPs - Michele Spagnuolo and Lukas Weichselbaum - June 27, 2017](http://web.archive.org/web/20170627043828/https://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Michele%20Spagnuolo%20and%20Lukas%20Wilschelbaum%20-%20So%20We%20Broke%20All%20CSPS.pdf)
+- [How to use Google’s CSP Evaluator to bypass CSP - Thomas Orlita - September 9, 2018](https://websecblog.com/vulns/google-csp-evaluator/)
+- [Making an XSS triggered by CSP bypass on Twitter - wiki.ioin.in(查看原文) - April 6, 2020](https://www.buaq.net/go-25883.html)