To solve the lab, perform a cross-site scripting attack that bypasses the CSP and calls the
Please note that the intended solution to this lab is only possible in Chrome.
<img src=1 onerror=alert(1)>
Content-Security-Policyheader, and the
report-uridirective contains a parameter called
token. Because you can control the
tokenparameter, you can inject your own CSP directives into the policy.
your-lab-idwith your lab ID:
script-src-elemdirective in CSP. This directive allows you to target just
scriptelements. Using this directive, you can overwrite existing
script-srcrules enabling you to inject
unsafe-inline, which allows you to use inline scripts.