
Lab: Reflected XSS protected by CSP, with dangling markup attack

This lab uses a Content Security Policy (CSP) to mitigate XSS attacks.

To solve the lab, perform a dangling markup attack that steals a CSRF token and uses it to change the email address of another user. You can use the following credentials to log in for testing:

  • Username: wiener
  • Password: peter
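
The lab statement above pairs a CSP with a dangling markup attack, and the defensive question it raises is which CSP directives actually constrain where injected, unterminated markup can send page content. The following is an added example, not part of the lab or of PortSwigger's material: a small checker that parses a CSP header and reports the exfiltration channels it leaves open. The sample policies are constructed, and the channel-to-directive mapping is the author's assumption based on the CSP specification (`img-src` falls back to `default-src`; `form-action` and `base-uri` do not).

```python
"""Report which dangling-markup exfiltration channels a CSP header leaves open.

Added example for the lab description; it is not PortSwigger's code and the
policies tested below are constructed samples, not the lab's real header.
"""

from typing import Dict, List, Optional

# Assumption: each channel is governed by the first directive in its tuple that
# is present. img-src falls back to default-src; form-action and base-uri have
# no fallback, so an absent directive means that channel is unrestricted.
CHANNEL_DIRECTIVES = {
    "image": ("img-src", "default-src"),   # <img src='https://...  style leaks
    "form": ("form-action",),              # injected <form action=...> submissions
    "base": ("base-uri",),                 # <base href=...> rewriting relative URLs
}

# Source expressions that keep a channel on the page's own origin (or off).
SAFE_SOURCES = {"'self'", "'none'"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source, ...]}, lower-cased."""
    policy: Dict[str, List[str]] = {}
    for clause in header.split(";"):
        parts = clause.strip().split()
        if not parts:
            continue
        policy[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return policy


def _effective_sources(policy: Dict[str, List[str]],
                       names: tuple) -> Optional[List[str]]:
    """Return the source list of the first directive in `names` that is set."""
    for name in names:
        if name in policy:
            return policy[name]
    return None


def open_channels(header: str) -> List[str]:
    """Return the channels this policy does not restrict to 'self' or 'none'."""
    policy = parse_csp(header)
    opened: List[str] = []
    for channel, names in CHANNEL_DIRECTIVES.items():
        sources = _effective_sources(policy, names)
        # Missing directive, empty directive, or any non-self/non-none source
        # (a wildcard, scheme, or external host) leaves the channel open.
        if not sources or any(src not in SAFE_SOURCES for src in sources):
            opened.append(channel)
    return opened


# Constructed sample policies for demonstration.
WEAK_POLICY = "default-src 'self'; script-src 'self'; img-src *"
HARDENED_POLICY = ("default-src 'self'; script-src 'self'; img-src 'self'; "
                   "form-action 'self'; base-uri 'none'")

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{label}: open channels = {open_channels(policy) or 'none'}")
```

Running the module prints the open channels for each sample: the weak policy leaves the image, form and base channels open even though it blocks inline script, while the hardened policy closes all three. The check is deliberately strict, flagging any external host, because a source list is only as safe as every host on it.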