tijme / angularjs-csti-scanner

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
MIT License

On what vulnerable website can I test your scanner? #14

Closed SeriyVol4ishe closed 6 years ago

SeriyVol4ishe commented 6 years ago

On what vulnerable website can I test your scanner?

tijme commented 6 years ago

I'm not aware of any vulnerable production environments at the moment. You can create your own vulnerable AngularJS website using the following PHP code snippet:

<!DOCTYPE html>
<html>
    <head>
        <script src="https://code.angularjs.org/1.6.0/angular.min.js"></script>
    </head>
    <body ng-app="">
        <a href="?vulnerable=payload">Payload</a>
        <?php echo isset($_GET['vulnerable']) ? $_GET['vulnerable'] : ""; ?>
    </body>
</html>
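
A hardened counterpart of the test page in the comment above, as an added example that is not part of the original thread or the project's code. It shows why HTML encoding alone does not stop AngularJS from evaluating a reflected expression and how `ng-non-bindable` does; the helper name `encode_html` and the decision to render the parameter as plain text are assumptions.

```php
<?php
// Added example, not from the thread: the same page with the reflection hardened.
// Assumption: the "vulnerable" parameter is only ever meant to be shown as text.

// HTML-encode a value for use as element content (encode_html is a hypothetical helper).
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Run from the command line to see that HTML encoding does not touch curly braces,
// so an encoded value placed inside ng-app is still an AngularJS expression.
if (PHP_SAPI === 'cli') {
    $probe = '{{ 1 + 1 }}'; // constructed sample: harmless arithmetic expression
    var_dump(encode_html($probe) === $probe);
    exit;
}

// Accept only a scalar string; an array parameter (?vulnerable[]=x) becomes empty.
$value = (isset($_GET['vulnerable']) && is_string($_GET['vulnerable']))
    ? $_GET['vulnerable']
    : '';
?>
<!DOCTYPE html>
<html>
    <head>
        <script src="https://code.angularjs.org/1.6.0/angular.min.js"></script>
    </head>
    <body ng-app="">
        <!-- ng-non-bindable: AngularJS does not compile this element or its children.
             The HTML encoding stops the value from closing the span and leaving it. -->
        <span ng-non-bindable><?php echo encode_html($value); ?></span>
    </body>
</html>
```

Both controls are needed together: without the encoding the value could close the `span`, and without `ng-non-bindable` the braces would still be compiled.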

SeriyVol4ishe commented 6 years ago

thanks

SeriyVol4ishe commented 6 years ago

I tried this, but had this output:

[INFO] Found AngularJS version 1.6.0 in the arguments.
[INFO] Angular CSTI scanner started.
[INFO] Scanning http://mysite.org/seriy/seriy.php
[INFO] Angular CSTI scanner finished.
[WARNING] Couldn't find any vulnerable requests.

  /$$$$$$   /$$$$$$   /$$$$$$  /$$$$$$$$ /$$$$$$  /$$$$$$
 /$$__  $$ /$$__  $$ /$$__  $$|__  $$__/|_  $$_/ /$$__  $$
| $$  \ $$| $$  \__/| $$  \__/   | $$     | $$  | $$  \__/
| $$$$$$$$| $$      |  $$$$$$    | $$     | $$  |  $$$$$$
| $$__  $$| $$       \____  $$   | $$     | $$   \____  $$
| $$  | $$| $$    $$ /$$  \ $$   | $$     | $$   /$$  \ $$
| $$  | $$|  $$$$$$/|  $$$$$$/   | $$    /$$$$$$|  $$$$$$/
|__/  |__/ \______/  \______/    |__/   |______/ \______/

Version 3.0.6 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>

SeriyVol4ishe commented 6 years ago

UP: with '--crawl' option works