With CSP Demo #4
Even seemingly benign user-provided content can become dangerous
Leave us a review! ⭐⭐⭐⭐⭐
Maybe you can do more than just leave us a nice review?
When we handle data from users or other external sources, it can sometimes contain more than we bargained for. The functionality below allows you to leave a review for our amazing service, but maybe you can do more than it first seems!
There is a secret token in this page. Can you steal it and exfiltrate it to the following location by leaving a review? https://evil-cyber-hacker.com/tokenDrop?token=
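An added example, not part of the demo's own code: a simplified audit check of whether a given Content-Security-Policy would let the page load a resource from the drop location above. The two policies, `PAGE_ORIGIN`, and all function names are assumptions for illustration; the demo's actual policy is not shown on this page.

```javascript
// Simplified CSP source-list matcher for policy review (not a full CSP implementation:
// ports, paths, nonces/hashes and scheme-less upgrade rules are ignored).
const PAGE_ORIGIN = "https://reviews.example"; // hypothetical origin of the review page
const DROP_URL = "https://evil-cyber-hacker.com/tokenDrop?token="; // location named on the page
const STRICT = "default-src 'self'; img-src 'self'; form-action 'self'"; // constructed policy
const LOOSE = "default-src 'self'; img-src *"; // constructed policy with one wide directive
// Directives that do NOT inherit from default-src when absent.
const NO_FALLBACK = new Set(["form-action", "base-uri", "frame-ancestors"]);

// Parse "directive src src; directive src" into a Map of directive -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Does one source expression match the target URL?
function sourceMatches(source, target) {
  const s = source.toLowerCase();
  if (s === "'self'") return target.origin === PAGE_ORIGIN;
  if (s === "*") return target.protocol === "https:" || target.protocol === "http:";
  if (s.endsWith(":") && !s.includes("/")) return target.protocol === s; // scheme source
  if (s.startsWith("'")) return false; // 'none', nonces, hashes never match a URL
  // Host source: optional scheme, optional leading "*." wildcard.
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/);
  if (!m) return false;
  if (m[1] && m[1] + ":" !== target.protocol) return false;
  return m[2] ? target.hostname.endsWith("." + m[3]) : target.hostname === m[3];
}

// Would a request governed by `directive` (img-src, connect-src, ...) to `url` be allowed?
function allows(policy, directive, url) {
  const directives = parsePolicy(policy);
  let sources = directives.get(directive);
  if (sources === undefined && !NO_FALLBACK.has(directive)) {
    sources = directives.get("default-src");
  }
  if (sources === undefined) return true; // no governing directive: unrestricted
  const target = new URL(url);
  return sources.some((src) => sourceMatches(src, target));
}
```

Running `allows` for each directive against `DROP_URL` shows which parts of a policy still permit outbound requests to that host, which is the gap to close when reviewing a CSP for a page that renders user content.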