CSP Bypasses & open redirect

Have you encountered that csp allows content from google.com or you have filter that allows google.com for open redirect or any other vuln.

Behold here comes google.com it's own redirect

I think he has shared this technique on his twitter too.

App scripts are hosted on google.com and can be used too for csp bypasses, this blog also shares same technique.

Link : https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/

PreviousCombinedNext403 Bypass

Last updated