Published on July 11th, 2018 📆 | 2991 Views ⚑
0CONFidence 2018: XSS in Google's application and bypassing CSP (Michał Bentkowski)
iSpeech.org
Case study of an XSS in Google's application including bypassing CSP
In the presentation I will show a case-study of an interesting XSS vulnerability in one of Google's applications. I am going to present how exactly I approached looking for the bug, what obstacles I needed to overcame and how a bug in an external library made it finally possible to exploit the XSS. As a cherry on top, I'll show how I bypassed Content Security Policy by abusing script gadgets.
CONFidence: https://confidence-conference.org
Facebook: https://www.facebook.com/confidence.conference
Twitter: https://twitter.com/CONFidence_news
2018-07-11 07:45:41
source
Gloss