绕过 CSP,实现 Netlify CDN 上XSS | CTF导航
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 402c1242-8fde-40ca-84c8-090bad06498d |
| Fingerprint | 329dc381c645e88c |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Sept. 3, 2024, midnight |
| Added to db | Sept. 19, 2024, 3:13 p.m. |
| Last updated | Nov. 16, 2024, 6:18 a.m. |
| Headline | 绕过 CSP,实现 Netlify CDN 上XSS |
| Title | 绕过 CSP,实现 Netlify CDN 上XSS | CTF导航 |
| Detected Hints/Tags/Attributes | 12/0/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.ctfiot.com/205676.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | gugesay.com |
|
| Details | Domain | 1 | app.netlify.com |
|
| Details | Domain | 1 | docs.netlify.com |
|
| Details | Domain | 1 | d33wubrfki0l68.cloudfront.net |
|
| Details | File | 34 | next.js |
|
| Details | File | 75 | favicon.ico |
|
| Details | Url | 1 | https://gugesay.com不想错过任 |
|
| Details | Url | 1 | https://gugesay.com |
|
| Details | Url | 1 | https://app.netlify.com |
|
| Details | Url | 1 | https://docs.netlify.com/image-cdn/overview/?source=post_page |
|
| Details | Url | 1 | https://app.netlify.com/.netlify/images?url=https://app.netlify.com/favicon.ico |
|
| Details | Url | 1 | https://d33wubrfki0l68.cloudfront.net |
|
| Details | Url | 1 | https://infosecwriteups.com/bypassing-csp-via-url-parser-confusions-xss-on-netlifys-image-cdn-755a27065fd9 |