Cache Deception + CSPT: Turning Non-Impactful Findings into Account Takeover

Chained client-side path traversal and cache deception enabled account takeover from seemingly harmless bugs.

https://zere.es/posts/cache-deception-cspt-account-takeover/

#cache-deception #cspt

Recently, while auditing the main application of a private bug bounty program, I discovered a Client-Side Path Traversal (CSPT) and a Cache Deception vulnerability. Individually, these issues were unexploitable and had no real impact. However, when chained together, I was able to demonstrate Account Takeover.

Zere

As a follow-up to Maxence Schmitt's amazing #CSPT research, we've published a list of resources to help people interested in this class of vulnerabilities. Check it out today for videos, tools, challenges and a variety of publications!

https://blog.doyensec.com/2025/03/27/cspt-resources.html

#Doyensec #appsec

CSPT Resources · Doyensec's Blog

1️⃣ Starting things off is Maxence Schmitt's research on abusing #CSPT to perform CSRF attacks. Because of its ability to bypass most modern defensive techniques, the ubiquity of this vulnerability can't be overstated.

https://blog.doyensec.com/2024/07/02/cspt2csrf.html

Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF · Doyensec's Blog

Taking his previous research to the next level, our Maxence Schmitt explores how to bypass various upload restrictions to exploit client-side path traversal. Read about it in our latest blog post today!

https://blog.doyensec.com/2025/01/09/cspt-file-upload.html

#doyensec #appsec #cspt #cspt2csrf

Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal · Doyensec's Blog

Get your mind off the cold 🥶 & check out our new blog post! In it, [email protected] extends Maxence Schmitt's research - giving details on using Eval Villain to find & exploit #CSPT vulnerabilities in modern apps. Read it today!

https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html

#doyensec #appsec #bugbountytips #Security

CSPT the Eval Villain Way! · Doyensec's Blog

👿Eval Villain update - available now! Recent improvements: #CSPT sink detection, addEventListener sync & needle and copy/paste injection exporting, along with bug fixes & improved usability. Install today!

https://github.com/swoops/eval_villain

#doyensec #appsec #security #xss #bugbountytips

GitHub - swoops/eval_villain: A Firefox Web Extension to improve the discovery of DOM XSS.
