Client-Side Path Traversal Playground

Doyensec Research Island

🚀 Introduction

Welcome to the CSPT Playground, an app that provides the opportunity to learn, find and exploit Client-Side Path Traversal (CSPT).

Client-Side Path Traversal (CSPT) is a vulnerability that allows an attacker to manipulate the file paths used by a client-side application. This can lead to various vulnerabilities, including Cross-Site Scripting, leaks of sensitive data, Cross-Site Request Forgery and many others.

This app is a playground specifically designed to demonstrate and exploit Client-Side Path Traversal vulnerabilities. It provides a platform to experiment with multiple exploits, such as CSPT2CSRF (Client-Side Path Traversal to Cross-Site Request Forgery) and CSPT2XSS (Client-Side Path Traversal to Cross-Site Scripting).

Various gadgets and sinks have been implemented within this app to showcase the potential risks and consequences of CSPT. Other sources, such as stored CSPT, and other impacts, such as prototype pollution and DOM clobbering, have not been covered yet.
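To make the definition above concrete, here is an added example (not code from the playground or from Doyensec) showing the vulnerable pattern next to a hardened one: a value read from the page URL is placed into an API path, and URL resolution decides which endpoint the request really reaches. The /api/notes/ route, the id query parameter and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example, not the playground's code. Route names are hypothetical.
const API_ORIGIN = "http://localhost:8000"; // Express API address from the README

// Source: the front end reads an identifier from its own URL.
// URLSearchParams percent-decodes it, so "..%2F" arrives as "../".
function idFromPage(pageUrl) {
  return new URL(pageUrl).searchParams.get("id");
}

// Vulnerable pattern: the value is concatenated into the request path.
// The URL parser collapses "../" segments, so the request can leave
// /api/notes/ and land on a different endpoint of the same API.
function resolveNaive(noteId) {
  return new URL(`/api/notes/${noteId}/details`, API_ORIGIN).pathname;
}

// Hardened pattern: accept only a plain identifier, encode it, then confirm
// the resolved path is still under the intended prefix before fetching.
function resolveSafe(noteId) {
  if (typeof noteId !== "string" || !/^[A-Za-z0-9_-]{1,64}$/.test(noteId)) {
    return null; // reject slashes, dots, percent-encoding, empty values
  }
  const url = new URL(
    `/api/notes/${encodeURIComponent(noteId)}/details`,
    API_ORIGIN
  );
  return url.pathname.startsWith("/api/notes/") ? url.pathname : null;
}

// Constructed sample inputs: one normal id, one traversal attempt.
const samples = [
  "http://localhost:3000/note?id=abc123",
  "http://localhost:3000/note?id=..%2Fusers%2F42",
];
for (const page of samples) {
  const id = idFromPage(page);
  console.log(id, "naive ->", resolveNaive(id), "| safe ->", resolveSafe(id));
}
```

The naive resolver sends the second sample to /api/users/42/details, while the hardened one refuses it.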

If you're still new to CSPT, make sure to read our blog post and whitepaper.

I hope you will like it, happy exploitation!

🔎 How to use it

We package the backend, the frontend and the database with Docker. If you have Docker installed, you can run it with:

docker compose up

The React application is accessible at http://localhost:3000 and the Express API at http://localhost:8000

📜 Developing

You can run the services without Docker. Development was done with Node v20.9.0.

docker run --name mongodb -d -p 27017:27017 mongodb/mongodb-community-server
cd ./backend/app/ && npm install && npm start
cd ./frontend/app/ && npm install && npm start

🤝 Contributing

CSPT Playground thrives on community contributions. Whether you're a developer, researcher, designer, or bug hunter, your expertise is invaluable to us. We welcome bug reports, feedback, and pull requests. Your participation helps us continue to improve the application, making it a stronger tool for the community.

Interactions are best carried out through the GitHub issue tracker, but you can also reach us on social media (@Doyensec). We look forward to hearing from you!

👥 Contributors

A special thanks to our contributors. Your dedication and commitment have been instrumental in making this project what it is today.

Current:

This project was made with the support of Doyensec.

Doyensec Research