CVE-2020-6519 PoC — Google Chrome CSP 安全漏洞

Source

https://github.com/PerimeterX/CVE-2020-6519

Associated Vulnerability

Title:Google Chrome CSP 安全漏洞 (CVE-2020-6519)
Description:Google Chrome是美国谷歌（Google）公司的一款Web浏览器。CSP是其中的一个内容安全策略插件。 Google Chrome 84.0.4147.89之前版本中的CSP存在安全漏洞。攻击者可利用该漏洞绕过策略。

Readme

# Chromium 83 Zero Day Full CSP Bypass Cross Platforms

## [CVE-2020-6519](https://nvd.nist.gov/vuln/detail/CVE-2020-6519)

## [Technical Article](https://www.perimeterx.com/tech-blog/2020/csp-bypass-vuln-disclosure/)

## [POC](./POC) (as [reported](https://crbug.com/1064676) to the chromium project)

## [DEMO Vids!](./vids)

File Snapshot


 [4.0K]  /data/pocs/4936f3ab9c60842f238c483713a17c0aea84c91d
├── [4.8K]  CVE-2020-6519-TEST-IT-YOURSELF.js
├── [4.0K]  POC
│   ├── [ 374]  ALLOW_JAVASCRIPT_SCHEME.html
│   ├── [ 358]  BLOCK_JAVASCRIPT_SCHEME.html
│   ├── [ 121]  bypass-child-src.html
│   ├── [ 122]  bypass-object-src.html
│   ├── [  45]  bypass-script-src.js
│   ├── [ 599]  DEMO_LEGIT_FAIL.js
│   ├── [ 856]  DEMO_MALICIOUS_SUCCESS.js
│   └── [1.5K]  README.md
├── [ 327]  README.md
└── [4.0K]  vids
    ├── [ 33M]  CSP-BYPASS-DEMO.mkv
    └── [1.3K]  README.md

2 directories, 12 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!