https://github.com/doyensec/csptplayground
CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
- Host: GitHub
- URL: https://github.com/doyensec/csptplayground
- Owner: doyensec
- License: apache-2.0
- Created: 2024-10-03T00:04:36.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-03-31T19:10:31.000Z (3 months ago)
- Last Synced: 2025-05-14T02:51:44.173Z (about 1 month ago)
- Topics: appsec-testing, cspt, csrf, websec, websecurity
- Language: JavaScript
- Homepage: https://blog.doyensec.com/2024/07/02/cspt2csrf.html
- Size: 258 KB
- Stars: 117
- Watchers: 3
- Forks: 10
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# Client-Side Path Traversal Playground
# :rocket: Introduction
Welcome to the **CSPT Playground**, an app that provides the opportunity to learn, find and exploit Client-Side Path Traversal (CSPT).
Client-Side Path Traversal (CSPT) is a vulnerability that allows an attacker to manipulate the file paths used by a client-side application. This can lead to various vulnerabilities, including Cross-Site Scripting, leaks of sensitive data, Cross-Site Request Forgery and many others.
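The following is an added example, not code from the CSPT Playground: it shows how a value concatenated into a request path is normalized by the URL parser, next to a hardened builder that rejects such values. The `/api/notes/` prefix, the function names and the sample inputs are hypothetical; only the API origin is taken from this README.

```javascript
// Added example; the /api/notes/ prefix and all sample inputs are constructed.
const ORIGIN = "http://localhost:8000"; // Express API address given in this README
const PREFIX = "/api/notes/";           // hypothetical API route

// Vulnerable pattern: a user-influenced value (route or query parameter)
// is concatenated into the request path before the URL is parsed.
function naiveApiUrl(noteId) {
  return new URL(PREFIX + noteId, ORIGIN);
}

// Hardened pattern: allow-list the identifier format first. As defence in
// depth, encode it as a single path segment and confirm the parsed path is
// exactly the intended prefix plus the identifier.
function safeApiUrl(noteId) {
  if (typeof noteId !== "string" || !/^[A-Za-z0-9_-]{1,64}$/.test(noteId)) {
    throw new Error("identifier not in allowed format");
  }
  const url = new URL(PREFIX + encodeURIComponent(noteId), ORIGIN);
  if (url.pathname !== PREFIX + noteId) {
    throw new Error("resolved path left the intended prefix");
  }
  return url;
}

// Returns the resolved pathname, or a REJECTED marker when the builder throws.
function tryBuild(build, value) {
  try {
    return build(value).pathname;
  } catch (err) {
    return "REJECTED: " + err.message;
  }
}

// The URL parser treats both "../" and its percent-encoded form as
// dot segments, so a filter on the literal string "../" is not sufficient.
const SAMPLES = ["42", "../users/me", "%2e%2e/users/me"];

function report() {
  return SAMPLES.map((input) => ({
    input,
    naive: tryBuild(naiveApiUrl, input),
    safe: tryBuild(safeApiUrl, input),
  }));
}

console.table(report());
```

The `naive` column shows the request leaving `/api/notes/` for both traversal inputs, while the `safe` column rejects them before any request is built.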
This app is a playground specifically designed to demonstrate and exploit Client-Side Path Traversal vulnerabilities. It provides a platform to experiment with multiple exploits, such as CSPT2CSRF (Client-Side Path Traversal to Cross-Site Request Forgery) and CSPT2XSS (Client-Side Path Traversal to Cross-Site Scripting).
Various gadgets and sinks have been implemented within this app to showcase the potential risks and consequences of CSPT. Other sources, such as stored CSPT, and other impacts, such as prototype pollution and DOM clobbering, have not been covered yet.
If you're still new to CSPT, make sure to read our [blog post](https://blog.doyensec.com/2024/07/02/cspt2csrf.html) and [whitepaper](https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_Whitepaper.pdf).
I hope you will like it, happy exploitation!
# :mag_right: How to use it
We package the backend, the frontend and the database with Docker. If you have Docker installed, you can run it with:
```bash
docker compose up
```
The React application is accessible at http://localhost:3000 and the Express API at http://localhost:8000.
You can change the backend host and port with the Docker build arguments `REACT_APP_BACKEND_HOST` and `REACT_APP_BACKEND_PORT`.
```bash
docker-compose build --build-arg REACT_APP_BACKEND_HOST=
docker compose up
```
# :scroll: Developing
You can run the services without Docker. Development was done with Node v20.9.0.
```bash
docker run --name mongodb -d -p 27017:27017 mongodb/mongodb-community-server
cd ./backend/app/ && npm install && npm start
cd ./frontend/app/ && npm install && npm start
```
# :handshake: Contributing
CSPT Playground thrives on community contributions. Whether you're a developer, researcher, designer, or bug hunter, your expertise is invaluable to us. We welcome bug reports, feedback, and pull requests. Your participation helps us continue to improve the application, making it a stronger tool for the community.
Interactions are best carried out through the GitHub issue tracker, but you can also reach us on social media ([@Doyensec](https://twitter.com/Doyensec)). We look forward to hearing from you!
# :busts_in_silhouette: Contributors
A special thanks to our contributors. Your dedication and commitment have been instrumental in making this extension what it is today.
Current:
- **Maintainer:** Maxence Schmitt [@maxenceschmitt (Twitter)](https://twitter.com/maxenceschmitt)

This project was made with the support of [Doyensec](https://doyensec.com/research.html).
