Previous Bypass is now fixed in version 1.4.7 – XSS with AngularJS 0x2
uk text to speech
Testing the old bypass from version 1.0.8 on a new version 1.4.7 where it's fixed, to prepare for a different bypass.
mario heiderich @0x6d6172696f (https://cure53.de/)
gareth heyes @garethheyes
XSS without HTML: Client-Side Template Injection with AngularJS
http://blog.portswigger.net/2016/01/x...
An Abusive Relationship with AngularJS
-=[ 🔴 Stuff I use ]=-
→ Microphone:* https://amzn.to/2LW6ldx
→ Graphics tablet:* https://amzn.to/2C8djYj
→ Camera#1 for streaming:* https://amzn.to/2SJ66VM
→ Lens for streaming:* https://amzn.to/2CdG31I
→ Connect Camera#1 to PC:* https://amzn.to/2VDRhWj
→ Camera#2 for electronics:* https://amzn.to/2LWxehv
→ Lens for macro shots:* https://amzn.to/2C5tXrw
→ Keyboard:* https://amzn.to/2LZgCFD
→ Headphones:* https://amzn.to/2M2KhxW
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
#WebSecurity
2016-09-16 16:37:15
source
Gloss