login
"Burp Suite Pro is my web app assessment tool-of-choice. It has made my life and my job easier so I can be more efficient."
Jed Mitten, Senior Security Consultant, MANDIANT
"We tried the others, but keep coming back to Burp Suite Pro. Nothing comes near it for application security testing."
Steve Lord, Mandalorian
Naive use of the extremely popular JavaScript framework AngularJS is exposing numerous websites to Angular Template Injection. This relatively low profile sibling of server-side template injection can be combined with an Angular sandbox escape to launch cross-site scripting (XSS) attacks on otherwise secure sites. This post will summarize the core concepts of Angular Template Injection, then show the development of a fresh sandbox escape affecting all modern Angular versions.
This release adds a new scan check for client-side template injection.
It is very common for applications that use AngularJS to incorporate user input into HTML responses within the client-side template. AngularJS has a long history of sandbox escapes that permit execution of arbitrary JavaScript via template expressions. Hence, when user input is echoed within AngularJS templates, it is frequently possible to perform XSS attacks using minimal syntax that is not usually sufficient to perform XSS, and so not blocked by input filters.