<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CSP on Taha Draidia</title><link>https://tahadraidia.com/tags/csp/</link><description>Recent content in CSP on Taha Draidia</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 17 Jan 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://tahadraidia.com/tags/csp/index.xml" rel="self" type="application/rss+xml"/><item><title>Bypass Content Security Policy framing restriction rule - OLX</title><link>https://tahadraidia.com/posts/bypass-csp-framing-restriction-rule-olx/</link><pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate><guid>https://tahadraidia.com/posts/bypass-csp-framing-restriction-rule-olx/</guid><description>It&amp;rsquo;s been a while since my last post. Today I decided to share with you a bug I found on a public bug bounty program on HackerOne. You can find the original report here.
This post is about a misconfigured CSP framing restriction (the frame-ancestors directive) that leaves the website vulnerable to UI redressing, also known as clickjacking. This attack is widely used by scammers and spammers to trick users.
After some recon on olx.co.za and olx.</description></item></channel></rss>