Exploiting CSP in Webkit to Break Authentication & Authorizati | PT SWARM

Exploiting CSP in Webkit to Break Authentication & Authorization

by Sachin/Prakash

A bug in the CSP implementation of WebKit, the browser engine used by the Safari web browser, allowed an attacker to steal codes/access_tokens or any other secrets that were part of the leaked URI. This made it possible to carry out attacks including, but not limited to, account takeovers, CSRF, and sensitive information disclosure.

Contents:
• TLDR;
• Single Sign-On (SSO)
• Content Security Policy (CSP)
• CSP Violation Reports
• Root Cause of the Vulnerability
• How can this be exploited in SSO
• Responsible Disclosure to Safari
• Setting up PoC
• Playground
• Impact
• Roadblocks
• Stats
• Fixes
• Browsers' Mitigation Strategies
• Bypasses & a new 0day
• DEMO
• Key Takeaways
• Timeline

https://threatnix.io/blog/exploiting-csp-in-webkit-to-break-authentication-authorization/