Angular Client-side-template-injection
ID: angular-client-side-template-injection
Severity: high
Author: theamanrawat
Tags: angular,csti,dast,headless,xss
Description
Section titled “Description”Detects Angular client-side template injection vulnerability.
YAML Source
Section titled “YAML Source”id: angular-client-side-template-injection
info: name: Angular Client-side-template-injection author: theamanrawat severity: high description: | Detects Angular client-side template injection vulnerability. impact: | May lead to remote code execution or sensitive data exposure. remediation: | Sanitize user inputs and avoid using user-controlled data in template rendering. reference: - https://www.acunetix.com/vulnerabilities/web/angularjs-client-side-template-injection/ - https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs tags: angular,csti,dast,headless,xss
variables: first: "{{rand_int(1000, 9999)}}" second: "{{rand_int(1000, 9999)}}" result: "{{to_number(first)*to_number(second)}}"
headless: - steps: - action: navigate args: url: "{{BaseURL}}"
- action: waitload
payloads: payload: - '{{concat("{{", "{{first}}*{{second}}", "}}")}}'
fuzzing: - part: query type: postfix mode: single fuzz: - "{{payload}}"
matchers: - type: word part: body words: - "{{result}}"# digest: 4a0a00473045022020e22f3aa1d49de743347240f3cfc2d4aaa31d402183612be52fd033f51e0792022100a2ed81987f5a5c068275bcf09d505c3582738155068ebb6511cea83023af40c1:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "dast/vulnerabilities/csti/angular-client-side-template-injection.yaml"