I don't normally blog about bug bounty findings, but I recently found a couple on Piwik and Uber based on AngularJS template injection that have some interesting technical subtleties. As such, I've published it on blog.portswigger.net: http://blog.portswigger.net/2016/04/adapting-angularjs-payloads-to-exploit.html
The Piwik exploit may actually allow unauthenticated RCE, so I'd suggest patching ASAP. Many thanks to @garethheyes for helping with the payload adaptions.