Home
Instructions
Setup / Reset DB

Brute Force
Command Injection
CSRF
File Inclusion
File Upload
Insecure CAPTCHA
SQL Injection
SQL Injection (Blind)
Weak Session IDs
XSS (DOM)
XSS (Reflected)
XSS (Stored)
CSP Bypass
JavaScript
Open HTTP Redirect

DVWA Security
PHP Info
About

Logout

Vulnerability: Content Security Policy (CSP) Bypass

You can include scripts from external sources, examine the Content Security Policy and enter a URL to include here:

More Information

Content Security Policy Reference
Mozilla Developer Network - CSP: script-src
Mozilla Security Blog - CSP for the web we have

Module developed by Digininja.

Username: Unknown
Security Level: low
Locale: en
SQLi DB: mysql

Damn Vulnerable Web Application (DVWA)