Skip to content
/ CSPTPlayground Public

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

blog.doyensec.com/2024/07/02/cspt2csrf.html

License

Apache-2.0 license
80 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

doyensec/CSPTPlayground

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
backend
backend
 
 
frontend
frontend
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Client-Site Path Traversal Playground

Doyensec Research Island

🚀 Introduction

Welcome to the CSPT Playground, an app that provides the opportunity to learn, find and exploit Client-Side Path Traversal (CSPT).

Client-Side Path Traversal (CSPT) is a vulnerability that allows an attacker to manipulate the file paths used by a client-side application. This can lead to various vulnerabilities: including Cross-Site Scripting, leaks of sensitive data and Cross-Site Request Forgery and many others.

This app is a playground specifically designed to demonstrate and exploit Client-Side Path Traversal vulnerabilities. It provides a platform to experiment with multiple exploits, such as CSPT2CSRF (Client-Side Path Traversal to Cross-Site Request Forgery) and CSPT2XSS (Client-Side Path Traversal to Cross-Site Scripting).

Various gadgets and sinks have been implemented within this app to showcase the potential risks and consequences of CSPT. Other sources, such as store CSPT or other impacts have not been covered yet such as prototype pollution, DOM clobbering, etc...

If you're still new to CSPT, make sure to read our blog post and whitepaper.

I hope you will like it, happy exploitation!

🔎 How to use it

We package the backend, the frontend and the database with docker. If you have docker installed, you can run it with :

docker compose up

The React application is accessible at http://localhost:3000 and the Express API at http://localhost:8000

📜 Developing

You can run the services without docker. Development was made with node v20.9.0.

docker run --name mongodb -d -p 27017:27017 mongodb/mongodb-community-server
cd ./backend/app/ && npm install && npm start
cd ./frontend/app/ && npm install && npm start

🤝 Contributing

CSPT Playground thrives on community contributions. Whether you're a developer, researcher, designer, or bug hunter, your expertise is invaluable to us. We welcome bug reports, feedback, and pull requests. Your participation helps us continue to improve the application, making it a stronger tool for the community.

Interactions are best carried out through the GitHub issue tracker, but you can also reach us on social media (@Doyensec). We look forward to hearing from you!

👥 Contributors

A special thanks to our contributors. Your dedication and commitment have been instrumental in making this extension what it is today.

Current:

This project was made with the support of Doyensec.

Doyensec Research

About

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

blog.doyensec.com/2024/07/02/cspt2csrf.html

Topics

csrf websecurity websec appsec-testing cspt

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

80 stars

Watchers

3 watching

Forks

6 forks
Report repository

Contributors 2

Languages