ST Angular Content-Security-Policy Bypass Scanner
This scanner detects the use of ST Angular CSP Bypass in digital assets.
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 22 days
Scan only one: URL
Toolbox
The ST Angular CSP Bypass Scanner is designed to identify vulnerabilities related to Content Security Policy (CSP) bypasses in applications using the Angular framework. Angular is widely used by developers to build dynamic web applications with rich interfaces. This framework is popular among organizations aiming to deliver scalable, maintainable, and high-performance applications. The scanner operates by examining the HTTP responses of web servers to find CSP misconfigurations that may lead to bypasses. It automates the process of detecting potentially exploitable vulnerabilities, allowing security teams to address issues proactively.
Cross-Site Scripting (XSS) is a common security issue that occurs when a web application allows user input to be executed as code in the browser. The detected CSP bypass vulnerability allows attackers to inject malicious scripts into web pages even when CSP headers are in place. This can be achieved by exploiting certain flaws in the CSP implementation, leading to potential XSS attacks. Such attacks usually aim at data theft, session hijacking, or spreading malware to other users.
Technically, the ST Angular CSP Bypass Scanner works from the response headers. It checks for the presence of specific words such as "Content-Security-Policy" and "st.com" in the headers, and uses headless navigation to verify XSS execution. The scanner employs payloads that target Angular-specific constructs, which, when executed, attempt to bypass the CSP. The vulnerable endpoint is identified by analyzing HTTP GET requests, and specific query parameters may be replaced to test the effectiveness of the CSP implementation.
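The header check described above can be reproduced on your own responses as a defender-side audit. This is an added example, not the scanner's code: the function names and sample headers are constructed, and it assumes the "st.com" match matters when it appears as a host source in the directive that governs scripts.

```python
from urllib.parse import urlsplit

# Directives a browser consults for <script src>, most specific first.
SCRIPT_FALLBACK = ("script-src-elem", "script-src", "default-src")
FLAGGED_DOMAIN = "st.com"  # host string the scanner description mentions


def parse_csp(header_value):
    """Parse one Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def source_host(source):
    """Host of a host-source expression; None for keywords and bare schemes."""
    if source.startswith("'") or source.endswith(":"):
        return None  # 'self', 'nonce-...', https:, data:
    if "://" not in source:
        source = "//" + source  # lets urlsplit see the text as a host
    return (urlsplit(source).hostname or "").lower() or None


def audit_script_sources(header_value):
    """Return (governing directive, sources on st.com or a subdomain)."""
    policy = parse_csp(header_value)
    name = next((d for d in SCRIPT_FALLBACK if d in policy), None)
    if name is None:
        return None, []  # nothing in this policy restricts scripts
    sources = policy[name]
    # With 'strict-dynamic', CSP3 browsers ignore host-source entries.
    if any(s.lower() == "'strict-dynamic'" for s in sources):
        return name, []
    hits = []
    for s in sources:
        host = source_host(s)
        if host and (host == FLAGGED_DOMAIN or host.endswith("." + FLAGGED_DOMAIN)):
            hits.append(s)
    return name, hits


if __name__ == "__main__":
    # Constructed sample headers, not captured from any real site.
    for hdr in ("default-src 'self'; script-src 'self' https://www.st.com",
                "script-src 'self' https://test.com",  # substring-only match
                "script-src 'nonce-r4nd0m' 'strict-dynamic' https://www.st.com"):
        print(audit_script_sources(hdr), "<-", hdr)
```

The second sample shows why a plain substring search for `st.com` is too loose for triage: `test.com` contains the string but is a different host.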
If exploited, the CSP bypass vulnerability in ST Angular could lead to severe consequences, such as unauthorized script execution. Malicious actors could leverage this flaw to inject scripts that steal user data or session tokens. Additionally, an attacker could deploy phishing schemes or malware by redirecting users to malicious sites. The integrity of the web application can be compromised, resulting in potential reputational damage and loss of user trust. Organizations are likely to face compliance issues and financial losses as a result.