
As part of a bug bounty, I discovered a Client Side Template Injection (CSTI). I would like to create a more "impressive" payload to increase the risk rating of the vulnerability. The affected framework is AngularJS. These payloads work:

{{7*7}}
${{constructor.constructor('alert("This is a CSTI");')()}}
${{constructor.constructor('alert(document.cookie);')()}}
${{constructor.constructor('window.prompt("Your session has expired, please enter your password");')()}}

The next steps are to inject a BeEF payload and take a screen capture of the list of hooked browsers. I should point out that the affected software is on my own computer and I will be my own victim. I should also point out that the affected web page needs to be written with a privileged account but is viewed by every user of the web application.

What more powerful things can I do with a CSTI?

Anonyme
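The question's payloads show the two things a defender needs to act on: the page content is being interpreted as an AngularJS template (so a plain `{{7*7}}` probe renders as `49`), and the expressions can reach `Function` through `constructor.constructor`. The following is an added example, not code from the question or the answer, for the team that owns such an application: it scans stored content (the page written by the privileged account) for interpolation expressions, ranks them by the markers used in the payloads above, and renders the content inert by HTML-escaping it and wrapping it in AngularJS's real `ng-non-bindable` directive. The function names, the marker list and the sample inputs are my own constructions.

```javascript
// Added example (not from the original post). Detects AngularJS interpolation
// expressions in stored content and neutralises them for display.

// Markers seen in the payloads quoted above; constructed list, extend as needed.
const DANGEROUS_MARKERS = [
  'constructor',      // {}.constructor.constructor reaches Function
  'document.cookie',
  'alert(',
  'prompt(',
  'window.',
];

// Returns every "{{ ... }}" expression body found in the text.
// The "${{ ... }}" variant in the question is matched too: the leading "$"
// is plain text and the braces are the interpolation delimiters.
function extractExpressions(text) {
  const found = [];
  const re = /\{\{([\s\S]*?)\}\}/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    found.push(m[1].trim());
  }
  return found;
}

// Any interpolation in user-controlled content is unexpected ("medium");
// one that references a dangerous marker is "high".
function analyzeContent(text) {
  const findings = extractExpressions(text).map((expression) => {
    const markers = DANGEROUS_MARKERS.filter((mk) => expression.includes(mk));
    return { expression, markers, severity: markers.length ? 'high' : 'medium' };
  });
  return { findings, suspicious: findings.length > 0 };
}

// HTML-escape the content and mark it with ng-non-bindable so AngularJS
// neither compiles nor interpolates it. Prefer ng-bind / textContent for
// user data; this wrapper is for content that must stay in the template.
function renderInert(text) {
  const escaped = String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
  return `<span ng-non-bindable>${escaped}</span>`;
}

// Constructed sample inputs: the question's payloads plus a benign string.
const SAMPLES = [
  '{{7*7}}',
  '${{constructor.constructor(\'alert("This is a CSTI");\')()}}',
  '${{constructor.constructor(\'window.prompt("Your session has expired, please enter your password");\')()}}',
  'Hello {user}, welcome back',
];

for (const s of SAMPLES) {
  const result = analyzeContent(s);
  console.log(JSON.stringify({ input: s, ...result }));
  console.log('  inert:', renderInert(s));
}
```

Running this flags the first three samples (the probe as medium, the two `constructor.constructor` payloads as high) and leaves the benign string alone; the inert rendering is what the page should emit for any content that was not written by the application's own templates.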

1 Answer


Try to get account takeover or user data manipulation. This will be a very dangerous subject. Good form rules tell us not to be destructive. Just describe the vulnerability to the security team and list the potential harms.

Mesky