Skip to content
This repository has been archived by the owner on May 2, 2024. It is now read-only.

Create angular-client-side-template-injection.yaml #33

Merged
merged 1 commit into from
Jul 10, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions csti/angular-client-side-template-injection.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
id: angular-client-side-template-injection

info:
name: Angular Client-side-template-injection
author: theamanrawat
severity: high
reference:
- https://www.acunetix.com/vulnerabilities/web/angularjs-client-side-template-injection/
- https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs
tags: angular,csti,dast

variables:
first: "{{rand_int(1000, 9999)}}"
second: "{{rand_int(1000, 9999)}}"
result: "{{to_number(first)*to_number(second)}}"

headless:
- steps:
- action: navigate
args:
url: "{{BaseURL}}"
- action: waitload

payloads:
payload:
- '{{concat("{{", "{{first}}*{{second}}", "}}")}}'

fuzzing:
- part: query
type: postfix
mode: single
fuzz:
- "{{payload}}"

matchers:
- type: word
part: body
words:
- "{{result}}"