Monday, 25 April 2016

Exploiting Uber and Piwik with adapted AngularJS payloads

I don't normally blog about bug bounty findings, but I recently found a couple on Piwik and Uber based on AngularJS template injection that have some interesting technical subtleties. As such, I've published it on blog.portswigger.net: http://blog.portswigger.net/2016/04/adapting-angularjs-payloads-to-exploit.html

The Piwik exploit may actually allow unauthenticated RCE so I'd suggest patching ASAP. Many thanks to @garethheyes for helping with the payload adaptions.

No comments:

Post a comment