Embedding unauthorized images in the report

Another payload could have been used to embed unauthorized images into the webpage. Because the website is protected by a Content Security Policy (CSP), we can only add the malicious payload, which would look something like the following:

<http://<img src="https://profile-photos.hackerone-user-content.com/production/000/000/013/76b3a9e70495c3b7340e33cdf5141660ae26489b_large.png?1383694562"> 

The previous payload will be rendered as follows:

http://<img src="https://profile-photos.hackerone-user-content.com/production/000/000/013/76b3a9e70495c3b7340e33cdf5141660ae26489b_large.png?1383694562"> 

This will post an image in the report page without having the page.
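As an added example (not from the original page and not the platform's own code), the Python check below parses the rendered output quoted above, flags any element that user-written text should never produce, and shows that escaping the same text leaves no element behind. The tag allowlist and the function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Rendered output quoted on this page: the <img> tag survived rendering unescaped.
RENDERED = ('http://<img src="https://profile-photos.hackerone-user-content.com/'
            'production/000/000/013/76b3a9e70495c3b7340e33cdf5141660ae26489b_large.png'
            '?1383694562"> ')

# Assumption: user-written report text may only ever produce these elements.
ALLOWED_TAGS = {"a", "p", "br", "code", "pre", "em", "strong"}


class _ElementAudit(HTMLParser):
    """Collects every start tag an HTML parser builds from the markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, dict(attrs)))


def unexpected_elements(rendered, allowed=ALLOWED_TAGS):
    """Return (tag, resource_host) for each element outside the allowlist."""
    audit = _ElementAudit()
    audit.feed(rendered)
    audit.close()
    findings = []
    for tag, attrs in audit.elements:
        if tag not in allowed:
            src = attrs.get("src") or ""  # valueless attributes parse as None
            findings.append((tag, urlsplit(src).hostname))
    return findings


def escape_user_text(text):
    """Hardened output path: user text becomes character data, never markup."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    print(unexpected_elements(RENDERED))
    print(unexpected_elements(escape_user_text(RENDERED)))
```

Run as a regression test against a renderer's output, a non-empty result means user input reached the page as markup; the reported host shows which origin the image was served from.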
