Stored XSS on Angular JS 1.4.9

  1. BurpSuite
  1. Go to https://target.com/<user_account>/UsefulLinks/. There are two fields: one is Website Name and the other is URL.
  2. Here, URL is the vulnerable parameter.
    (When we simply put the payload in the URL field, the website rejects it, but only on the client side: it shows an error. When we send the same payload through Burp Suite, it is not validated, which means the payload is validated only on the client side.)
  3. In Website Name, type anything, for example "XSS", and in the URL field put a URL such as http://example.com
  4. Click Submit and capture this request in Burp Suite. In Burp Suite, replace the URL, http://example.com, with javascript:confirm("Stored_XSS");
Vulnerable Field
<div class="col-sm-12 form-group">
  <label class="col-sm-5 control-label no-padding-right" for="UL_URL">URL<span class="red">*</span></label>
  <div class="col-sm-4">
    <input id="UL_URL" name="UL_URL" class="form-control required" placeholder="http://" type="text" value="http://"><span></span>
  </div>
</div>
Burp Screenshot
Trigger XSS
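
The root cause described above is that the URL field is validated only in the browser, so a request edited in a proxy reaches storage unchecked. The following is an added example, not code from the original write-up or from the target application: a server-side scheme allowlist for the UL_URL value, where the names validateLinkUrl, ALLOWED_SCHEMES, MAX_URL_LENGTH and screenSamples, the length limit, and the sample inputs are assumptions made for illustration.

```javascript
// Added example: server-side check for the UL_URL form field.
// validateLinkUrl, ALLOWED_SCHEMES and MAX_URL_LENGTH are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const MAX_URL_LENGTH = 2048; // assumed limit, tune per application

function validateLinkUrl(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > MAX_URL_LENGTH) {
    return { ok: false, reason: "missing or oversized value" };
  }
  let parsed;
  try {
    // Parse with the WHATWG URL parser instead of matching string prefixes:
    // it lowercases the scheme and strips whitespace the way a browser does
    // before following an href, so the check sees what the browser will see.
    parsed = new URL(input);
  } catch (err) {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme " + parsed.protocol + " not allowed" };
  }
  // Store the normalised form, never the raw request value.
  return { ok: true, url: parsed.href };
}

// Constructed sample submissions for UL_URL, as the server would receive them
// regardless of what the browser-side form validation allowed.
const samples = [
  "http://example.com",
  'javascript:confirm("Stored_XSS");',
  "http://",
  "example.com",
];

function screenSamples(values) {
  return values.map((v) => ({ input: v, ...validateLinkUrl(v) }));
}

for (const r of screenSamples(samples)) {
  console.log(r.ok ? "ACCEPT" : "REJECT", JSON.stringify(r.input), r.ok ? r.url : r.reason);
}
```

Only the first sample is accepted; the check runs on every request on the server, so it holds whether or not the client-side validation was bypassed.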

Penetration Tester, Bug Bounty Hunter, Security Researcher

Vishal Bharad