Tag: vulnerability
-
Stored XSS in New Relic via Angular Expression Sandbox Escape
New Relic recently decided to publicly disclose a vulnerability I reported to them a few months ago. This was done through their public bug bounty program on Hackerone. The report can be found here: https://hackerone.com/reports/124724 The details of the report can also be found below. Details:…
-
Exploiting Angular Expressions to Steal Session Tokens on Plunker
Lately, I’ve been been doing some research on the vulnerabilities happening with some AngularJS implementations. The biggest problem being: mixing server side templates with client side templates. This opens up the opportunity for user input to get into a server-side view, that is then sent client side, and then…
-
Walkthrough for Angular Expression Injection Challenge
A little over a week ago I released an Angular expression injection challenge. The challenge consisted of a simple Todo List web app that was intentionally vulnerable and allowed persisting of Angular expressions. If you have not tried it yet and don't want to spoil it for yourself, stop reading…
-
Angular Expression Injection Vulnerability Challenge
Over the past few years, I've written a lot of Angular. Its been quite the learning experience. It started out messy as hell, got better, got smelly, then got better again, but still isn't perfect. I started out just trying to wrap my head around it and make shit work,…