AngularJS sandbox
https://www.w3schools.com/angular/ng_ng-app.asp
If a site loads angular.js, it is worth checking whether its sandbox can be escaped to perform XSS.
The sandbox restricts access to the window and document objects and to dangerous properties such as __proto__; bypasses are available.
Note: from AngularJS version 1.6 onward, the sandbox was removed.
Working:
The sandbox parses the expression, rewrites the JavaScript, and then tests whether the rewritten code contains any dangerous objects.
The checks cover object references, referenced properties, and invoked methods.
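A simplified model of those checks, added here as an example; it is not AngularJS source code and not from the original notes. The names checkMemberName, checkObject, sandboxedGet and outcome are hypothetical, and the scope is constructed sample data with a stand-in for the browser window.

```javascript
// Simplified model of the sandbox checks; not AngularJS source code.
// All function names here are hypothetical.
const BLOCKED_MEMBERS = new Set([
  '__proto__', '__defineGetter__', '__defineSetter__',
  '__lookupGetter__', '__lookupSetter__',
]);

// Reject property names the sandbox treats as dangerous.
function checkMemberName(name) {
  if (BLOCKED_MEMBERS.has(name)) throw new Error(`blocked member: ${name}`);
  return name;
}

// Reject object references the sandbox treats as dangerous.
function checkObject(obj) {
  if (obj !== null && (typeof obj === 'object' || typeof obj === 'function')) {
    if (obj.constructor === obj) throw new Error('blocked object: Function constructor');
    if (obj.window === obj) throw new Error('blocked object: window');
    if (obj.children && obj.nodeName) throw new Error('blocked object: DOM node');
    if (obj === Object) throw new Error('blocked object: Object');
  }
  return obj;
}

// Resolve a dotted path against a scope, applying both checks at every step,
// the way the rewritten expression wraps each member access.
function sandboxedGet(scope, path) {
  let current = checkObject(scope);
  for (const name of path.split('.')) {
    if (current === null || current === undefined) return undefined;
    current = checkObject(current[checkMemberName(name)]);
  }
  return current;
}

// Constructed sample scope: fakeWindow stands in for a browser window object.
const fakeWindow = {};
fakeWindow.window = fakeWindow;
const scope = { user: { name: 'alice' }, win: fakeWindow, fn: function () {} };

// Return the resolved value as a string, or the reason the path was rejected.
function outcome(path) {
  try {
    return String(sandboxedGet(scope, path));
  } catch (e) {
    return e.message;
  }
}
```

Each rejected path fails on the first step that reaches a blocked name or object, so ordinary scope data such as user.name still resolves.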



AngularJS sandbox escapes:
Using charAt() globally within an expression.

LAB 1:
Simply using the payload for this Angular version didn't work.