Monday, 25 April 2016

Exploiting Uber and Piwik with adapted AngularJS payloads

I don't normally blog about bug bounty findings, but I recently found a couple on Piwik and Uber based on AngularJS template injection that have some interesting technical subtleties. As such, I've published it on

The Piwik exploit may actually allow unauthenticated RCE so I'd suggest patching ASAP. Many thanks to @garethheyes for helping with the payload adaptions.
