Vercel Storage Content-Security-Policy Bypass Scanner

Vercel Storage is a cloud storage solution widely used by developers and organizations for deploying and hosting web applications. It offers easy integration with modern web frameworks and allows for seamless storage and retrieval of static assets. With its scalable infrastructure, Vercel Storage is ideal for applications expecting variable traffic loads. The service is typically employed by frontend and backend developers looking for efficient content delivery. Its compatibility with multiple technologies makes it a go-to choice for developers seeking flexible deployment options. Vercel Storage is often utilized in projects requiring rapid prototyping and agile development cycles.

Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This can result in unauthorized actions being performed on behalf of users or stealing sensitive information such as session tokens. XSS vulnerabilities typically arise from improper validation or sanitization of user inputs in web applications. The attacker can execute arbitrary JavaScript in the context of the victim, gaining unauthorized access to user data or performing harmful actions. XSS attacks can be used to hijack user sessions, deface websites, or redirect users to malicious domains. Vercel Storage is susceptible to XSS if content-safety policies are improperly configured.

The technical details of this vulnerability involve the manipulation of the Content-Security-Policy headers of applications using Vercel Storage. Attackers exploit this by injecting a script stored in a public Vercel storage blob, which is allowed to execute due to CSP misconfiguration. This vulnerability allows scripts from untrusted origins to execute in the browser, circumventing security measures. The attack typically targets the query parameters of URLs, replacing them with malicious payloads. Once executed, the script can capture session data, perform unauthorized actions, or redirect users to malicious sites. The vulnerable parameter in this particular template is the CSP header value which lacks strict-origin policy enforcement.

The exploitation of this vulnerability can have several detrimental effects. Attackers may gain unauthorized access to user accounts, stealing sensitive data or performing actions in a user's name. Additionally, it can lead to defacement of web pages, impacting the reputation and trustworthiness of the affected service. In severe cases, it could allow for the spread of malware by directing users unsuspectingly to harmful sites. The use of compromised scripts might also facilitate further attacks by creating a persistent threat in the form of backdoors. Ultimately, users might experience financial or personal data loss due to such attacks.

REFERENCES

• https://github.com/renniepak/CSPBypass/blob/main/data.tsv