Sandbox Bypass in Version 1.0.8 - XSS with AngularJS 0x1

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=DkL3jaI1cj0


Duration: 8:02
15,264 views
290

Bypassing the AngularJS Sandbox for version 1.0.8 to get XSS.

mario heiderich @0x6d6172696f (https://cure53.de/)
gareth heyes @garethheyes
XSS without HTML: Client-Side Template Injection with AngularJS
http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
An Abusive Relationship with AngularJS
https://vimeo.com/165951806

-=[ 🔴 Stuff I use ]=-

→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#WebSecurity



Other Videos By LiveOverflow


2016-10-11Live Hacking - Internetwache CTF 2016 - exp50, exp70, exp80
2016-10-06Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
2016-10-04Reverse Engineering with Binary Ninja and gdb a key checking algorithm - TUMCTF 2016 Zwiebel part 1
2016-09-30The Heap: How to exploit a Heap Overflow - bin 0x15
2016-09-27The Heap: what does malloc() do? - bin 0x14
2016-09-23CSRF Introduction and what is the Same-Origin Policy? - web 0x04
2016-09-19New Sandbox Bypass in 1.4.7 - XSS with AngularJS 0x3
2016-09-16Previous Bypass is now fixed in version 1.4.7 - XSS with AngularJS 0x2
2016-09-13XSS Contexts and some Chrome XSS Auditor tricks - web 0x03
2016-09-09Capturing & Analyzing Packets with Saleae Logic Pro 8 - Reverse Engineering A/C Remote part 2
2016-09-06Sandbox Bypass in Version 1.0.8 - XSS with AngularJS 0x1
2016-09-02Introducing the AngularJS Javascript Framework - XSS with AngularJS 0x00
2016-08-30What is PHP and why is XSS so common there? - web 0x02
2016-08-26Building Poor Man's Logic Analyzer with an Arduino - Reverse Engineering A/C Remote part 1
2016-08-23The HTTP Protocol: GET /test.html - web 0x01
2016-08-19HTML + CSS + JavaScript introduction - web 0x00
2016-08-16Format String Exploit and overwrite the Global Offset Table - bin 0x13
2016-08-12NEW VIDEOS ARE COMING - loopback 0x00
2016-04-19Global Offset Table (GOT) and Procedure Linkage Table (PLT) - bin 0x12
2016-04-09A simple Format String exploit example - bin 0x11
2016-03-28Live Hacking - Internetwache CTF 2016 - crypto60, crypto70, crypto90


Tags:
live hacking
live ctf
let's hack
exploitation
xss
sandbox bypass
angularjs
angular
ng-app
cross site scripting
constructor
alert(1)
angularjs xss
angularjs security
how to hack angularjs