id: skimresources-r-csp-bypass info: name: Content-Security-Policy Bypass - SkimResources R author: renniepak,DhiyaneshDK severity: medium reference: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true tags: xss,csp-bypass,skimresources-r flow: http(1) && headless(1) http: - method: GET path: - "{{BaseURL}}" matchers: - type: word part: header words: - "Content-Security-Policy" - "skimresources.com" condition: and internal: true headless: - steps: - action: navigate args: url: "{{BaseURL}}" - action: waitdialog name: skimresources_r_csp_xss args: max-duration: 5s payloads: injection: - '' fuzzing: - part: query type: replace mode: single fuzz: - "{{url_encode(injection)}}" matchers: - type: dsl dsl: - "skimresources_r_csp_xss == true" # digest: 4b0a00483046022100d025c91de4ed3af4b6e9bdbd8a8f9a4cceed33aaae5ad228489faeb0b1d6806e022100f0ce25a1a3ee1aa2d65eda12fe6c3cf5e720733d60aa81898305980e0be31d39:922c64590222798bb761d5b6d8e72950