Closed SeriyVol4ishe closed 6 years ago
I'm not aware of any vulnerable production environments at the moment. You can create your own vulnerable AngularJS website using the following PHP code snippet:

```php
<!DOCTYPE html>
<html>
<head>
<script src="https://code.angularjs.org/1.6.0/angular.min.js"></script>
</head>
<body ng-app="">
<a href="?vulnerable=payload">Payload</a>
<?php echo isset($_GET['vulnerable']) ? $_GET['vulnerable'] : ""; ?>
</body>
</html>
```
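For comparison, a hardened counterpart of the test page above, added here as an example; it is not code from the thread's participants or from the scanner project, and the helper name `reflect()` is hypothetical. It shows that HTML-encoding alone leaves `{{` and `}}` intact inside `ng-app`, so the reflected value is also wrapped in an `ng-non-bindable` element.

```php
<?php
// Added example (not from the original thread): hardened version of the test page.
// reflect() is a hypothetical helper name, not part of AngularJS or the scanner.

// Step 1: HTML-encode the value so it cannot close the wrapper element or
// inject markup of its own. Encoding alone is NOT sufficient here, because
// htmlspecialchars() leaves "{{" and "}}" untouched and AngularJS would still
// evaluate them anywhere inside the ng-app scope.
// Step 2: wrap the encoded value in an element carrying ng-non-bindable, which
// tells AngularJS not to compile that element's contents, so braces render as
// literal text.
function reflect(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<span ng-non-bindable>' . $encoded . '</span>';
}

// Accept only a scalar string; "?vulnerable[]=x" would otherwise arrive as an array.
$vulnerable = isset($_GET['vulnerable']) && is_string($_GET['vulnerable'])
    ? $_GET['vulnerable']
    : '';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<script src="https://code.angularjs.org/1.6.0/angular.min.js"></script>
</head>
<body ng-app="">
<a href="?vulnerable=payload">Payload</a>
<?php echo reflect($vulnerable); ?>
</body>
</html>
```

With this version, a request such as `?vulnerable={{1+1}}` (a constructed, harmless value) is displayed as the literal text `{{1+1}}` instead of being evaluated to `2`.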
thanks
I tried this, but had this output:
```
[INFO] Found AngularJS version 1.6.0 in the arguments.
[INFO] Angular CSTI scanner started.
[INFO] Scanning http://mysite.org/seriy/seriy.php
[INFO] Angular CSTI scanner finished.
[WARNING] Couldn't find any vulnerable requests.
```
Version 3.0.6 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>
UP: with '--crawl' option works
On what vulnerable website can I test your scanner?