From 6855341ec11ed65af99c92e0ed8a6b984fc17891 Mon Sep 17 00:00:00 2001
From: kevin <>
Date: Fri, 11 Sep 2020 16:04:05 +0700
Subject: [PATCH 1/2] add hastebin alternative to pastebin

---
 vulnerabilities/csp/source/low.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/vulnerabilities/csp/source/low.php b/vulnerabilities/csp/source/low.php
index 824b8e2f..c31ab383 100644
--- a/vulnerabilities/csp/source/low.php
+++ b/vulnerabilities/csp/source/low.php
@@ -1,10 +1,11 @@
 <?php
 
-$headerCSP = "Content-Security-Policy: script-src 'self' https://pastebin.com  example.com code.jquery.com https://ssl.google-analytics.com ;"; // allows js from self, pastebin.com, jquery and google analytics.
+$headerCSP = "Content-Security-Policy: script-src 'self' https://pastebin.com http://hastebin.com example.com code.jquery.com https://ssl.google-analytics.com ;"; // allows js from self, pastebin.com, hastebin.com, jquery and google analytics.
 
 header($headerCSP);
 
 # https://pastebin.com/raw/R570EE00
+# https://hastebin.com/raw/ohulaquzex
 
 ?>
 <?php

From 1c2c645809b70b2db825552ddb0db1bbe2fa83a8 Mon Sep 17 00:00:00 2001
From: kevin <>
Date: Sat, 12 Sep 2020 13:32:27 +0700
Subject: [PATCH 2/2] remove protocol from hastebin, update source comments,
 update help file

---
 vulnerabilities/csp/help/help.php  | 2 +-
 vulnerabilities/csp/source/low.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/vulnerabilities/csp/help/help.php b/vulnerabilities/csp/help/help.php
index 739b3f5b..154538e7 100644
--- a/vulnerabilities/csp/help/help.php
+++ b/vulnerabilities/csp/help/help.php
@@ -18,7 +18,7 @@
 
 		<h3>Low Level</h3>
 		<p>Examine the policy to find all the sources that can be used to host external script files.</p>
-		<pre>Spoiler: <span class="spoiler">Scripts can be included from Pastebin, try storing some JavaScript on there and then loading it in.</span></pre>
+		<pre>Spoiler: <span class="spoiler">Scripts can be included from Pastebin or Hastebin, try storing some JavaScript on there and then loading it in.</span></pre>
 
 		<br />
 
diff --git a/vulnerabilities/csp/source/low.php b/vulnerabilities/csp/source/low.php
index c31ab383..f8596883 100644
--- a/vulnerabilities/csp/source/low.php
+++ b/vulnerabilities/csp/source/low.php
@@ -1,9 +1,10 @@
 <?php
 
-$headerCSP = "Content-Security-Policy: script-src 'self' https://pastebin.com http://hastebin.com example.com code.jquery.com https://ssl.google-analytics.com ;"; // allows js from self, pastebin.com, hastebin.com, jquery and google analytics.
+$headerCSP = "Content-Security-Policy: script-src 'self' https://pastebin.com hastebin.com example.com code.jquery.com https://ssl.google-analytics.com ;"; // allows js from self, pastebin.com, hastebin.com, jquery and google analytics.
 
 header($headerCSP);
 
+# These might work if you can't create your own for some reason
 # https://pastebin.com/raw/R570EE00
 # https://hastebin.com/raw/ohulaquzex
 
@@ -16,7 +17,6 @@
 }
 $page[ 'body' ] .= '
 <form name="csp" method="POST">
-	<p><strong>Currently broken due to changes at Pastebin, looking for alternatives.</strong></p>
 	<p>You can include scripts from external sources, examine the Content Security Policy and enter a URL to include here:</p>
 	<input size="50" type="text" name="include" value="" id="include" />
 	<input type="submit" value="Include" />
