
Tale of XSS in Angular

Author: Sicksec


Hello Security Researchers and Hackers

In this writeup I explain how I found 2 rXSS vulnerabilities in Angular using automation.


Tools Used

  • Findomain for subdomain monitoring
  • Wappalyzer for technology detection

Discovery Process

  1. Received Telegram alert for new subdomains

  2. Identified Angular 1.6 using Wappalyzer

  3. Found reflected error parameter:

    https://redacted.com/Home/Error?error=USER_NOT_AUTHORIZED


Exploitation

Used payload from PayloadsAllTheThings:

[Image: XSS execution proof]


Key Takeaways

  • Demonstrate concrete impact for better severity rating
  • Automate monitoring for fresh targets
  • Know framework-specific vulnerabilities
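
The defensive side of the reflected error parameter described above, as an added example that is not code from the original writeup or from the affected site: HTML-encoding alone leaves AngularJS interpolation markers intact, so the hardened renderer uses the parameter only as a lookup key and marks the output ng-non-bindable. The function names, the message table and the page markup are assumptions made for illustration.

```javascript
// Added example: hypothetical server-side renderer for an error page such as
// /Home/Error?error=... served inside an AngularJS 1.x application.

// Allow-list: the query value is only a lookup key, never echoed.
// The codes and messages here are assumed for the example.
const ERROR_MESSAGES = new Map([
  ['USER_NOT_AUTHORIZED', 'You are not authorized to view this page.'],
  ['SESSION_EXPIRED', 'Your session has expired. Please sign in again.'],
]);
const FALLBACK_MESSAGE = 'An unexpected error occurred.';

// Standard HTML entity encoding. Note that it leaves "{" and "}" untouched.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// "Before": HTML-encodes the parameter but still places it where AngularJS
// compiles the DOM, so any {{ ... }} in the value is evaluated client-side.
function renderErrorReflected(errorParam) {
  return `<div ng-app><p class="error">${escapeHtml(errorParam)}</p></div>`;
}

// "After": fixed message from the allow-list, encoded, and wrapped in
// ng-non-bindable so AngularJS skips interpolation for this subtree.
function renderErrorHardened(errorParam) {
  const message = ERROR_MESSAGES.get(String(errorParam)) || FALLBACK_MESSAGE;
  return `<div ng-app><p class="error" ng-non-bindable>${escapeHtml(message)}</p></div>`;
}

// Regression check: does request-controlled text reach the page with
// interpolation markers intact?
function reflectsInterpolation(html, input) {
  return /\{\{[\s\S]*\}\}/.test(input) && html.includes(escapeHtml(input));
}

// Constructed inputs: a legitimate code and a harmless arithmetic probe.
const samples = ['USER_NOT_AUTHORIZED', '{{1+1}}<b>'];
for (const s of samples) {
  console.log(JSON.stringify(s),
    'reflected:', reflectsInterpolation(renderErrorReflected(s), s),
    'hardened:', reflectsInterpolation(renderErrorHardened(s), s));
}
```

reflectsInterpolation can be reused as a regression test against any handler that renders request data into an AngularJS-compiled page.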