Introduction to CSP

This exercise details the exploitation of an XSS in a simple web application that uses Content Security Policy.

PRO Tier | Difficulty: Medium | Duration: < 1 Hr. | 2249 | Orange Badge


This course delves into the exploitation of a Cross-Site Scripting (XSS) vulnerability within an application that employs a Content Security Policy (CSP). It begins with an introduction to the basic concepts of CSP, explaining how it aims to mitigate the impact of XSS among other threats. The course then guides you through the detection of the XSS vulnerability and demonstrates why a classic payload like `` fails due to CSP restrictions.

Following the initial detection, the course provides a hands-on approach to bypassing the CSP. It demonstrates how to find another vulnerable page on the server and use it to inject a script tag that loads your payload. The video transcript complements the course by walking through the steps of identifying and exploiting the vulnerability, ensuring you understand both the theoretical and practical aspects of bypassing CSP to execute arbitrary JavaScript.
