Client-side template injection vulnerabilities occur when web application using a client-side template framework dynamically embed user input. This Sinatra app has a client-side template injection vulnerability with AngularJS. Let's attack it!
{{constructor.constructor('alert(1)')()}} fire alert().
Run startup.sh, sintra app work on 5000 port.
$ ./startup.sh
Also Dockerfile exists.
$ docker build .
$ docker run -p 127.0.0.1:5000:5000 -d <IMAGE ID>
- #230234 [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection
- #250837 Stored xss via template injection
- Reflective XSS via angularJS template injection - Hostinger – Taha Ibrahim DRAIDIA – Random Thoughts Mostly About Ethical Hacking
The MIT License
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}