Defending 'The XSS without HTML: Client-Side Template Injection with AngularJS' Attack
Actual behavior
This script is vulnerable to 'The XSS without HTML: Client-Side Template Injection with AngularJS' attacks.
How to reproduce
Cross-site scripting (XSS) is an important vulnerability that allows an attacker to send malicious code to another user. 'Client-Side Template Injection with AngularJS' is an XSS that needs no HTML. SteemProjects is vulnerable to AngularJS client-side template injection. Malicious users may use this to gather data. An attacker can take over the account and impersonate the user.
The injection is reflected in the AngularJS template. You can reflect the XSS cookie to the screen using the following code:
https://SteemProjects.com/{{constructor.constructor('alert("====> XSS Found By emirfirlar <====")')()}}
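A defensive sketch of the issue described above, added as an example and not taken from SteemProjects' code: HTML-escaping the reflected path leaves `{{ }}` intact for AngularJS to evaluate, while wrapping it in `ng-non-bindable` keeps it inert. The function names, the page markup and the benign `{{7*7}}` sample are assumptions, and the default AngularJS delimiters are assumed.

```javascript
// Added example, not SteemProjects code. All helper names are hypothetical.

// Standard HTML escaping: stops tag injection but leaves {{ }} untouched.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Detection: true if a request path carries an AngularJS interpolation
// start marker, also when it arrives percent-encoded.
function hasInterpolation(value) {
  let decoded = String(value);
  try {
    decoded = decodeURIComponent(decoded);
  } catch (e) {
    // Malformed percent-encoding: fall back to the raw value.
  }
  return decoded.includes('{{');
}

// Vulnerable pattern: escaped path reflected inside the ng-app region.
function renderNotFoundUnsafe(path) {
  return `<div ng-app><p>Page ${escapeHtml(path)} not found</p></div>`;
}

// Hardened pattern: the reflected value sits in an ng-non-bindable element,
// which AngularJS skips when compiling. Escaping is still required so the
// value cannot close the <span> and escape the protected region.
function renderNotFoundSafe(path) {
  return `<div ng-app><p>Page <span ng-non-bindable>${escapeHtml(path)}</span> not found</p></div>`;
}

// Check: does the markup leave {{ in a region AngularJS will compile?
// Protected spans hold no literal "<" because their content is escaped.
function exposesInterpolation(html) {
  const compiled = html.replace(/<span ng-non-bindable>[^<]*<\/span>/g, '');
  return compiled.includes('{{');
}

// Constructed sample input: a benign arithmetic expression in the path.
const samplePath = '/{{7*7}}';
console.log(exposesInterpolation(renderNotFoundUnsafe(samplePath))); // true
console.log(exposesInterpolation(renderNotFoundSafe(samplePath)));   // false
```

Where the reflected value does not need to appear inside the `ng-app` region at all, rendering it outside that region removes the exposure without relying on `ng-non-bindable`.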
Project Information
Expected behavior
Defending 'The XSS without HTML: Client-Side Template Injection with AngularJS' Attack
Browser/App version: Firefox Quantum 58.0.2 (32-bit)
Operating system: Windows 7 Professional SP1 (32-bit), Intel Core 2 Duo 2.13 GHz, 4 GB RAM
Recording Of The Bug
Proof of Work Done
https://github.com/emirfirlar