Exploiting CSP in WebKit to Break Authentication & Authorization | PT SWARM
by Sachin/Prakash
A bug in the Content Security Policy (CSP) implementation of WebKit, the browser engine used by the Safari web browser, let an attacker steal authorization codes, access tokens, or any other secrets carried in the leaked URI, i.e. the URL that the browser placed in a CSP violation report. This allowed attacks including, but not limited to, account takeover, CSRF, and sensitive information disclosure.
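The summary above describes the bug only by its effect. The following example is added for this page; it is not code from the original writeup, from WebKit, or from PT SWARM. It shows the sanitization a browser must apply to a URL before putting it into a CSP violation report, and a check that a report-uri collector can run to flag reports in which an OAuth code or token survived unstripped. The sanitization rule used (a cross-origin blocked resource reduces to its origin; a same-origin one keeps path and query but loses fragment and credentials) is my reading of the CSP3 "strip URL for use in reports" step and is an assumption, as are the hostnames, the parameter list, and the constructed report.

```javascript
// Added example, not from the original article or from WebKit.
// Sanitization rule below is an assumption modelled on CSP3's
// "strip URL for use in reports"; hostnames and the report are constructed.

// Parameter names that carry authentication/authorization material in SSO
// redirects (assumed list; "state" is the CSRF nonce, so its leak matters too).
const SECRET_PARAMS = ["code", "access_token", "id_token", "refresh_token", "token", "state"];

// What a conforming browser should emit for a URL in a violation report.
// Non-URL placeholders such as "inline", "eval" or "self" are passed through.
function stripUrlForReport(rawUrl, documentOrigin) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return rawUrl; // "inline", "eval", "self": nothing to strip
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return url.protocol.replace(/:$/, ""); // non-HTTP(S): scheme only
  }
  if (url.origin !== documentOrigin) {
    return url.origin; // cross-origin: never echo path, query or fragment
  }
  url.hash = "";       // same-origin: drop fragment ...
  url.username = "";   // ... and any embedded credentials
  url.password = "";
  return url.href;
}

// Names of secret-looking parameters found in a URL's query or fragment.
// An OAuth implicit-flow token lives in the fragment; a code lives in the query.
function secretParamsIn(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return []; // scheme-only or placeholder values carry no parameters
  }
  const found = new Set();
  for (const [name] of url.searchParams) {
    if (SECRET_PARAMS.includes(name)) found.add(name);
  }
  const fragment = url.hash.startsWith("#") ? url.hash.slice(1) : url.hash;
  for (const [name] of new URLSearchParams(fragment)) {
    if (SECRET_PARAMS.includes(name)) found.add(name);
  }
  return [...found];
}

// Collector-side check: which secret parameters does this report expose?
// Returns a sorted list; an empty list means the report is safe to store.
function reportLeaksSecrets(report) {
  const body = report["csp-report"] || report;
  const names = new Set();
  for (const key of ["blocked-uri", "document-uri", "referrer"]) {
    if (typeof body[key] === "string") {
      for (const n of secretParamsIn(body[key])) names.add(n);
    }
  }
  return [...names].sort();
}

// What the report should have looked like had the browser stripped correctly.
function sanitizeReport(report) {
  const body = report["csp-report"] || report;
  const documentOrigin = new URL(body["document-uri"]).origin;
  const clean = { ...body };
  for (const key of ["blocked-uri", "document-uri", "referrer"]) {
    if (typeof clean[key] === "string" && clean[key] !== "") {
      clean[key] = stripUrlForReport(clean[key], documentOrigin);
    }
  }
  return report["csp-report"] ? { "csp-report": clean } : clean;
}

// Constructed report (not a real capture): a browser that failed to strip a
// cross-origin redirect target hands the victim's token to the report-uri host.
const LEAKY_REPORT = {
  "csp-report": {
    "document-uri": "https://attacker.example/login",
    "blocked-uri": "https://client.example/callback#access_token=CONSTRUCTED-TOKEN&token_type=bearer",
  },
};

console.log("leaked:", reportLeaksSecrets(LEAKY_REPORT));
console.log("after stripping:", reportLeaksSecrets(sanitizeReport(LEAKY_REPORT)));
```

Run it with `node` and compare the two lines: the unstripped report exposes `access_token`, the correctly stripped one exposes nothing because the cross-origin blocked-uri has been reduced to `https://client.example`. The same check is worth running against any third-party report collector you rely on, since a report that leaks a token is as dangerous at rest in someone else's logs as it is in transit.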
Contents:
• TL;DR
• Single Sign-On (SSO)
• Content Security Policy (CSP)
• CSP Violation Reports
• Root Cause of the Vulnerability
• How can this be exploited in SSO
• Responsible Disclosure to Safari
• Setting up PoC
• Playground
• Impact
• Roadblocks
• Stats
• Fixes
• Browsers' Mitigation Strategies
• Bypasses & a new 0day
• DEMO
• Key Takeaways
• Timeline
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles, vulnerabilities, scripts, etc., not necessarily authored by us, that we find interesting...